1. Edit the firewall configuration: vi /etc/sysconfig/iptables
Add a rule that opens port 7022:
-A INPUT -m state --state NEW -m tcp -p tcp --dport 7022 -j ACCEPT
======================================================================
# Firewall configuration written by system-config-firewall
# Manual customization of this file is not recommended.
# Rule set for the filter table, in iptables-restore format.
# NOTE(review): IPv4 only; if IPv6 is enabled, /etc/sysconfig/ip6tables
# presumably needs the matching port rule - confirm.
*filter
# Built-in chains, each with default policy ACCEPT and zeroed
# [packets:bytes] counters. Because the policy is ACCEPT, the REJECT rules
# at the end of INPUT and FORWARD are what actually block unmatched traffic,
# so every ACCEPT rule has to be placed before them.
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
# Allow packets that belong to, or are related to, existing connections.
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
# Allow all ICMP types.
-A INPUT -p icmp -j ACCEPT
# Allow everything arriving on the loopback interface.
-A INPUT -i lo -j ACCEPT
# Allow new TCP connections to port 22.
# NOTE(review): this keeps port 22 reachable alongside 7022; presumably it
# is meant to be removed once sshd is confirmed reachable on 7022.
-A INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT
# Allow new TCP connections to port 7022 (the new sshd port).
-A INPUT -m state --state NEW -m tcp -p tcp --dport 7022 -j ACCEPT
# Reject everything else with an ICMP host-prohibited reply.
-A INPUT -j REJECT --reject-with icmp-host-prohibited
-A FORWARD -j REJECT --reject-with icmp-host-prohibited
COMMIT
After saving the file, restart the firewall:
/etc/init.d/iptables restart
service iptables restart
=======================================================================
2. Back up the ssh configuration files and change the ssh port
cp /etc/ssh/ssh_config /etc/ssh/ssh_configbak
cp /etc/ssh/sshd_config /etc/ssh/sshd_configbak
Change the ssh port to 7022:
vi /etc/ssh/sshd_config
Find the line `#Port 22` and set `Port 7022`
vi /etc/ssh/ssh_config
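Find the line `#Port 22` and set `Port 7022` (ssh_config is the client-side default for `ssh` run from this host; it does not change the port sshd listens on)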
Restart sshd: /etc/init.d/sshd restart
service sshd restart
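Test a login on port 7022 while keeping the current session open. Once it works, remove the port 22 rule from the firewall; from then on ssh connects on port 7022! If SELinux is enforcing, sshd can only bind to 7022 after the port is labelled, e.g. `semanage port -a -t ssh_port_t -p tcp 7022`.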
=======================================================================
3. Disable direct root login over ssh
vi /etc/ssh/sshd_config
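Find PermitRootLogin, change yes to no, and remove the leading # so the setting takes effect; root can then no longer log in directly!
After that, log in as an ordinary user and run `su root` to switch to root.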
=======================================================================
4. Restrict which users may log in over SSH
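To allow only root, user1 and user2 to log in over SSH, add the following to sshd_config (if PermitRootLogin is set to no, root is still refused even though it is listed here):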
vi /etc/ssh/sshd_config
AllowUsers root user1 user2
=======================================================================
5. Set an idle timeout for ssh sessions
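After logging in over ssh, a session that is left idle for a long time should be disconnected automatically.
Edit sshd_config and add the following two lines.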
vi /etc/ssh/sshd_config
ClientAliveInterval 600
ClientAliveCountMax 0
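The value 600 is in seconds, i.e. after 10 minutes without activity
the session is disconnected automatically. This relies on older OpenSSH behaviour: from OpenSSH 8.2 on, `ClientAliveCountMax 0` disables the disconnect instead, so check the installed version.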
=======================================================================
6. Restrict ssh logins by source IP
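vi /etc/hosts.deny # add the line: sshd:ALL
vi /etc/hosts.allow # add the line: sshd:192.168.1.1 # (only the IP 192.168.1.1 is allowed to log in)
These two files only take effect if sshd was built with TCP wrappers (libwrap) support.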
Restart ssh: /etc/init.d/sshd restart