SSH security configuration

Block direct root login and allow only an ordinary user

The root user is the super administrator in CentOS. If you log in as root and perform an operation by mistake, you may damage the system. Therefore, to ensure security, it is necessary to block the root user from logging in directly.

You can create an ordinary user to log in to the system over SSH, and execute the command “su - root” when you need root permission.

STEPS:

1. Create an ordinary user and set its password

useradd user

passwd user

2. Disallow direct root login

(1) vim /etc/ssh/sshd_config

Search for “#PermitRootLogin yes”, remove the “#”, and change “yes” to “no”, as shown in the following figure.


save and exit!

(2) vim /etc/security/access.conf

Find “-:ALL EXCEPT root :All” and modify it to “-:ALL EXCEPT root user:All”.


save and exit!

(3) Restart the sshd service

/etc/init.d/sshd restart

(4) Confirm that this ordinary user can log in to the system normally. If it can log in successfully, edit access.conf again.

vim /etc/security/access.conf

Find “-:ALL EXCEPT root user:All” and change it to “-:ALL EXCEPT user:All”.

Save and exit, then restart the sshd service.

/etc/init.d/sshd restart

(5) After sshd restarts, root no longer has permission to log in to the system directly.
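
The following shell script is an added example, not part of the original post. It checks copies of the two files edited in step 2 before sshd is restarted: the global PermitRootLogin value and the users exempted by the access.conf deny rule. The function names and the sample file contents are constructed for illustration.

```shell
#!/bin/sh
# Added example: check the step 2 edits on copies of the files.
# Function names and sample contents are illustrative assumptions.

# Print the global PermitRootLogin value found in an sshd_config FILE.
# Keywords are case-insensitive, the first occurrence wins, "#" lines are
# ignored, and anything after a "Match" line applies only conditionally.
permit_root_login() {
    awk '
        /^[ \t]*#/ { next }
        { line = $0; sub(/^[ \t]+/, "", line)
          n = split(line, f, /[ \t=]+/); key = tolower(f[1]) }
        key == "match" { exit }
        key == "permitrootlogin" && n >= 2 { print tolower(f[2]); found = 1; exit }
        END { if (!found) print "unset" }
    ' "$1"
}

# Print the users exempted by the first "-:ALL EXCEPT <users>:<origins>"
# rule in an access.conf FILE (fields: permission:users:origins).
access_exempt_users() {
    awk -F: '
        /^[ \t]*#/ { next }
        $1 ~ /^[ \t]*-[ \t]*$/ && toupper($2) ~ /^[ \t]*ALL[ \t]+EXCEPT[ \t]/ {
            n = split($2, u, /[ \t]+/); out = ""
            for (i = 1; i <= n; i++)
                if (u[i] != "" && toupper(u[i]) != "ALL" && toupper(u[i]) != "EXCEPT")
                    out = out (out == "" ? "" : " ") u[i]
            print out; exit }
    ' "$1"
}

# Constructed sample files mirroring the state after step (4).
tmp=$(mktemp -d)
trap 'rm -rf "$tmp"' EXIT
printf '%s\n' '#PermitRootLogin yes' 'Port 22' 'PermitRootLogin no' \
    'Match Address 10.0.0.0/8' '    PermitRootLogin yes' > "$tmp/sshd_config"
printf '%s\n' '# sample' '-:ALL EXCEPT user:All' > "$tmp/access.conf"

echo "PermitRootLogin: $(permit_root_login "$tmp/sshd_config")"
echo "exempt users:    $(access_exempt_users "$tmp/access.conf")"
```

A result of “unset” means the file still relies on the sshd default, which is the state before the “#” is removed in step 2 (1).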

 

Block a specific IP from logging in to the system

Suppose the IP is 192.168.137.1

vim /etc/hosts.deny

Add “sshd:192.168.137.1/255.255.255.255:deny” to /etc/hosts.deny.

Save and exit!

The client 192.168.137.1 can no longer log in to the system.
