Optimize CentOS remote SSH connection

Time:2020-6-30

1.

① View the sshd service through the LS – L / etc / init.d/sshd command

② View the sshd process through the PS – ef| grep sshd command

2.ssh_ Config and sshd_ The difference between config is local client and server

3. Through ll / etc / SSH / sshd_ The config command is used to view the sshd configuration file

4. Before modifying the configuration file, the backup file should be named in the format of host name, time and date. Here, / etc / SSH / sshd will be used_ Config is backed up as / etc / SSH / sshd_ config.you .20160222

5. Set the line number by inputting the command set nu in the command mode of vi

6. Modify the configuration file as follows:

a. Change yes of usedns to No

b. Convert the listening address from 0.0.0.0 to 192.168.65.130

After modifying the listening address, it is found that the sshd service only accepts or treats intranet 192.168.65.130 as a legitimate IP address

c. Change the yes to no for root remote connection

d. Search gssauthentication and change the default yes comment to No

f. Modify the port number to change the original remote connection port 22 to 52113

7. Batch implementation of sshd configuration changes:

a. Paste the entire configuration to be modified directly to / etc / SSH / sshd_ Config (seems to deny that level no is more advanced?)

b. Batch modification by sed command: sed – IR ’13 iport 52113 / npermitypasswds no / nusedns no / ngssapiauthentication no’ sshd_ config

8. Compare the differences between the original document and the modified document

1. Use the diff command:

2. Use the vimdiff command (more powerful and can be highlighted)

9. Restart the sshd service through the commands / etc / init.d/sshd restart and / etc / init.d/sshd reload to make the configuration take effect

10. After modifying the configuration file, denial of service will occur

Obviously, because the port number was changed from 22 to 52113, but the session option of fast connection in SecureCRT was not changed, so the natural connection was not connected

If you log in again after modification, you can connect again

If after modifying the port, the connection logged in with the unmodified port is still active and connected, but once logged out, it will not be connected

Recommended Today

Swift advanced 08: closure & capture principle

closure closurecanCapture and storageOf any constants and variables defined in their contextquote, this is the so-calledClose and wrap those constants and variablesTherefore, it is called“closure”Swift can handle everything for youCaptured memory managementOperation of. Three forms of closure [global function is a special closure]: a global function is a closure that has a name but does […]