ssh用来远程连接客户端的工具
禁止ssh空密码用户登录
more /etc/ssh/sshd_config
cp -p /etc/ssh/sshd_config /etc/ssh/sshd_config-back vim /etc/ssh/sshd_config systemctl restart sshd
ssh多次登录失败后锁定账号
83 more /etc/pam.d/sshd 84 cp /etc/pam.d/sshd-back 85 cp -p /etc/pam.d/sshd /etc/pam.d/sshd-back 86 vim /etc/pam.d/sshd auth required pam_tally2.so deny=5 unlock_time=300
87 systemctl restart sshd
限制root用户远程登录
vim /etc/ssh/sshd_config 备份 cp - p /etc/ssh/sshd_config /etc/ssh/sshd_config-back PermitRootLogin no //取消注释,改为no systemctl restart sshd
检查ssh远程使用的端口号
vim /etc/ssh/sshd_config
注释并修改端口号
systemctl restart sshd semanage port -a -t ssh_port_t -p tcp 2233
关闭防火墙才能连接ssh
firewall-cmd —zone=public —add-port=2233/tcp —permanent
重启ssh服务
systemctl restart sshd
设置登录超时自动注销
more /etc/profile
查看是否有
备份
cp -p /etc/profile /etc/profile-back vim /etc/profile export TMOUT=180
