When remote root login over SSH is enabled on a server, you will frequently see login attempts from unknown IP addresses:
There were 4148 failed login attempts since the last successful login.
I am not familiar with the server, so I didn’t care about it at first, but after using it for a few days, I suddenly stopped using it and couldn’t log in. I think it must have been attacked, so I will try to change it.
1. Add the client public key to the server
ssh-copy-id -i ~/.ssh/id_rsa.pub [email protected]
- Disable password login on the server
Log in to the server over SSH and edit the configuration file:
vi /etc/ssh/sshd_config
Add to the configuration file
PermitEmptyPasswords no
# Disable password input
PasswordAuthentication no
- Restart ssh
systemctl restart sshd.service
2. Modify the default port
By default, SSH logins use port 22.
- Modifying a Configuration File
vi /etc/ssh/sshd_config
Change Port to a value other than 22; the number should not be too large. For example, to change it to 220:
Port 220
- Open the port set above in the firewall
firewall-cmd --add-port=220/tcp --permanent
firewall-cmd --reload
- How to log in
ssh -p220 [email protected]
3. Add a user and prohibit the login of root
useradd newname
passwd newname
The passwd command prompts for a password.
- Modifying a Configuration File
vi /etc/ssh/sshd_config
- Prohibit root login
PermitRootLogin no
- Allow the new user to log in
AllowUsers newname
After logging in as the new user, switch to root if you need to:
su
Enter the root password
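The steps above say to add lines to sshd_config, but for most keywords sshd uses the first value it reads, so an appended line has no effect if the file already sets that keyword earlier. The following check is an added example, not part of the original post; the function names and the sample file are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original post). For most keywords sshd keeps the
# FIRST value it reads, so a line appended to sshd_config loses to an earlier one.

# effective_value FILE KEYWORD: print the first global value (before any Match block).
effective_value() {
    awk -v want="$(printf '%s' "$2" | tr '[:upper:]' '[:lower:]')" '
        /^[ \t]*#/ || NF == 0   { next }   # skip comments and blank lines
        tolower($1) == "match"  { exit }   # Match blocks are conditional; stop there
        tolower($1) == want     { print $2; exit }
    ' "$1"
}

# audit_sshd FILE: report each setting from the post; return the number of failures.
audit_sshd() {
    fails=0
    while read -r kw expected; do
        got=$(effective_value "$1" "$kw")
        if [ "$got" = "$expected" ]; then
            echo "OK   $kw $got"
        else
            echo "FAIL $kw is '${got:-unset}', expected '$expected'"
            fails=$((fails + 1))
        fi
    done <<'EOF'
PasswordAuthentication no
PermitEmptyPasswords no
PermitRootLogin no
EOF
    return "$fails"
}

# Constructed sample: an earlier "yes" line, with the post's settings appended after it.
sample=$(mktemp)
printf '%s\n' '#Port 22' 'PasswordAuthentication yes' 'UsePAM yes' \
    'PermitEmptyPasswords no' '# Disable password input' \
    'PasswordAuthentication no' 'PermitRootLogin no' > "$sample"
audit_sshd "$sample" || echo "$? setting(s) not in effect"
rm -f "$sample"
# On the real server: run `sshd -t` to validate the file before restarting,
# and `sshd -T` (as root) to print the configuration sshd will actually use.
```

Keep the current session open and confirm that a second key-based login works before closing it, so a mistake in the file does not lock you out.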
4. Other things you can do
There are other measures, such as blocking logins from certain IPs and preventing brute-force cracking, which I have not done for the time being.
I think the first step, adding the public key, is enough. I also did the following steps, found them troublesome and deleted them, but I do not know whether it will be cracked.