SSH security configuration
Block root login and allow only an ordinary user.
The root user is the super administrator in CentOS. If you log in as root and run
the wrong operation by mistake, you may damage the system. Therefore, to ensure security, it is necessary
to block direct root login.
You can create an ordinary user to log in over SSH, and run the command “su - root”
when you need root permission.
STEPS:
1. Create an ordinary user and set its password
useradd user
passwd user
2. Disallow direct root login
(1) vim /etc/ssh/sshd_config
Search for “#PermitRootLogin yes”, remove the “#”, and change “yes” to “no”,
as shown in the following figure.
Save and exit.
(2) vim /etc/ssh/security/access.conf
Find “-:ALL EXCEPT root :All” and modify it to “-:ALL EXCEPT root user:All”.
Save and exit.
(3) Restart the sshd service
/etc/init.d/sshd restart
(4) Confirm that this ordinary user can log in normally. If the login succeeds,
edit access.conf again.
vim /etc/ssh/security/access.conf
Find “-:ALL EXCEPT root user:All” and change it to “-:ALL EXCEPT user:All”.
Save and exit, then restart the sshd service.
/etc/init.d/sshd restart
(5) After sshd restarts, root no longer has permission to log in directly.
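The check below is an added example, not part of the original page: a shell function that reports the PermitRootLogin value sshd would take from a config file after the edit in step (1). The function names and sample configs are constructed for illustration, and the file is assumed to use no Include directives.

```shell
#!/bin/sh
# Added example: report the global PermitRootLogin value a config file sets.
# Per sshd_config(5): '#' lines are comments, keywords are case-insensitive,
# and the first value obtained for a keyword wins.
effective_permit_root_login() {
    awk '
        /^[ \t]*#/ || /^[ \t]*$/ { next }       # comments and blank lines
        {
            line = $0
            sub(/^[ \t]+/, "", line)            # leading indentation
            sub(/[ \t]*=[ \t]*/, " ", line)     # accept the "Keyword=value" form
            split(line, f, /[ \t]+/)
            key = tolower(f[1])
            if (key == "match") exit            # global section ends at first Match
            if (key == "permitrootlogin") { print f[2]; found = 1; exit }
        }
        END { if (!found) print "unset" }       # sshd then uses its built-in default
    ' "$1"
}

# Succeeds only when the file explicitly sets PermitRootLogin to "no".
root_login_blocked() {
    [ "$(effective_permit_root_login "$1")" = "no" ]
}

# Constructed sample configs covering mistakes the edit in step (1) can leave behind.
demo() {
    d=$(mktemp -d) || return 1
    printf '#PermitRootLogin yes\n' > "$d/still_commented"
    printf 'PermitRootLogin no\n' > "$d/edited"
    printf 'permitrootlogin yes\nPermitRootLogin no\n' > "$d/shadowed"
    for f in still_commented edited shadowed; do
        printf '%-16s %s\n' "$f" "$(effective_permit_root_login "$d/$f")"
    done
    rm -rf "$d"
}

demo
```

A line that is still commented out reports “unset”, and an earlier PermitRootLogin line overrides a later one, so confirm the result is “no” before restarting sshd.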
Block a specific IP address from logging in
Suppose the IP address is 192.168.137.1.
vim /etc/hosts.deny
Add “sshd:192.168.137.1/255.255.255.255:deny” to /etc/hosts.deny.
Save and exit.
The client 192.168.137.1 can then no longer log in to the system.