centos 7 modify sshd | prohibit root login and sshd port script definition

1. Create a new user wwweee000

[root@localhost ~]# useradd wwweee000
[root@localhost ~]# passwd wwweee000
Changing password for user wwweee000.
New password:
BAD PASSWORD: The password is a palindrome
Retype new password:
passwd: all authentication tokens updated successfully.

2. #Delete the Port 22 field and change it to another unused port. The maximum server port can be 65536. //Note that Port is capitalized "P"

[root@localhost ~]# cat -n /etc/ssh/sshd_config|grep "Port *"
  17 #Port 22
  100 #GatewayPorts no
[root@localhost ~]# cat /etc/ssh/sshd_config|grep -n "Port *"
17:#Port 22
100:#GatewayPorts no
[root@localhost ~]# awk "/Port */" /etc/ssh/sshd_config
#Port 22
#GatewayPorts no

The above still does not satisfy the output result: we only need the answer for Port 22.

[root@localhost ~]# cat /etc/ssh/sshd_config|grep -n "Port\ "      
17:#Port 22
[root@localhost ~]# cat -n /etc/ssh/sshd_config|grep "Port\ "      
  17 #Port 22
[root@localhost ~]# cat /etc/ssh/sshd_config|grep -n "Port\ "      
17:#Port 22
[root@localhost ~]# awk "/Port\ /" /etc/ssh/sshd_config         
#Port 22
[root@localhost ~]# sed -i "17s/#Port 22/Port 22/g" /etc/ssh/sshd_config 
[root@localhost ~]# awk "/Port\ /" /etc/ssh/sshd_config         
Port 22

-n displays line numbers; \ backslash actually defines

3. Do not use vi/vim to modify Port 22 to 4096

[root@localhost ~]# sed -i "17s/Port 22/Port 4096/g" /etc/ssh/sshd_config 
[root@localhost ~]# cat /etc/ssh/sshd_config|grep "Port\ "
Port 4096

4. Change #PermitRootLogin yes to PermitRootLogin no

[root@localhost ~]# cat -n /etc/ssh/sshd_config|grep "PermitRootLogin"
  49 #PermitRootLogin yes
  104 # the setting of "PermitRootLogin without-password".
[root@localhost ~]# sed -i "49s/#PermitRootLogin yes/PermitRootLogin no/g" /etc/ssh/sshd_config
[root@localhost ~]# cat -n /etc/ssh/sshd_config|grep "PermitRootLogin no"
  49 PermitRootLogin no

5. Restart sshd service

[root@localhost ~]# systemctl restart sshd.service

6. Changes in user login using wwweee000

[wwweee000@localhost ~]$

Ordinary users cannot edit /etc/ssh/sshd_config . You need to switch to root to edit it. To switch to root, use the command: su

7. Run as root and write shell scripts. //Script universal centos 7 (mainly: sshd_config port number definition input prohibits root login)

#!/bin/bash
sshd_Port=`cat /etc/ssh/sshd_config|grep "Port\ "`
echo "Current sshd port: $sshd_Port"
read -ep "Please enter the connection port of the sshd service (1-65536);
  Please make sure other ports conflict and firewall ports are open for service: "sshd_Port_read
echo "The port number you entered: $sshd_Port_read"
sed -i "s/$sshd_Port/Port $sshd_Port_read/g" /etc/ssh/sshd_config
echo " The port has been set: `cat /etc/ssh/sshd_config|grep "Port\ "`"
sed -i "s/#PermitRootLogin yes/PermitRootLogin no/g" /etc/ssh/sshd_config
systemctl restart sshd.service
exit 0

Run the test (can be used repeatedly) this time the firewall is turned off/the production server is closed firewall

[root@localhost wwweee000]# firewall-cmd --state 
not running
[root@localhost ~]# sh sshd_config_Port.sh 
  Current sshd port: Port 22
  Please enter the connection port of the sshd service (1-65536)
  Please make sure other ports conflict and firewall ports are open for business: 4096
  The port number you entered: 4096
  The port has been set to: Port 4096

Summarize

The above is what I introduced to you about centos 7 modification of sshd | prohibition of root login and sshd port script definition. I hope it will be helpful to you. If you have any questions, please leave me a message and I will reply to you in time. I would also like to thank everyone for their support of the 123WORDPRESS.COM website!
If you find this article helpful, please feel free to reprint it and please indicate the source. Thank you!

You may also be interested in:

CentOS 7 set grub password and single user login example code
How to lock a user and prohibit them from logging in after N failed login attempts in Centos7
How to modify the SSH login port in CentOS7
Redhat 7/CentOS 7 SSH password-free login method
Solution to the CentOS 7 sshd connection rejection problem

<<: A quick solution to the first login failure in mysql5.7.20

>>: Vue's guide to pitfalls using throttling functions