Change ssh port

The default ssh port is 22, but too many automated scanning tools probe the default port.

  1. vi /etc/ssh/sshd_config
    
    # replace 22 with the port you chose
    Port 22
    
  2. service sshd restart

Forbid root login

  1. vi /etc/ssh/sshd_config
    
    PermitRootLogin no
    
  2. service sshd restart

Connect to the server over ssh without a password

  1. ssh-keygen -t rsa -b 4096 -C "some comment" -f ~/path/key
  2. vi /etc/ssh/sshd_config
    
    # files that hold the public keys allowed to log in
    AuthorizedKeysFile     ~/path/key1 ~/path/key2
    
  3. service sshd restart
  4. Then configure the ssh client on the computer from which you will connect to the server, as below:
    
    # custom comment
    Host aliasName
        HostName ip or hostname
        Port 22
        User $username
        IdentityFile ~/path/key
        # Keep session alive
        ServerAliveInterval 60
        # reuse the established ssh channel
        ControlMaster auto
        ControlPath ~/.ssh/session/%h-%C
    

Now you can try connecting to the server from your computer: ssh $aliasName. If the connection works, you can disable PasswordAuthentication.

Forbid login with password authentication

Before you disable PasswordAuthentication, you must add an ssh key to ensure you can still connect to the server.

  1. vi /etc/ssh/sshd_config
    
    PasswordAuthentication no
    
  2. service sshd restart
  3. Now you can't connect to the server with a password.

One more thing: if you want to deny ssh login to a particular user, you can do the following:

  1. vi /etc/ssh/sshd_config
    
    DenyUsers $username
    
  2. service sshd restart
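
A check to run on the edited file before restarting sshd, as an added example that is not part of the original page: it reports whether the Port, PermitRootLogin and PasswordAuthentication changes above are the values sshd will actually use. The function names and the sample config are constructed for illustration; the script assumes whitespace-separated keywords, does not follow Include files, and reads only the global section.

```shell
# Added example: audit the sshd_config settings changed on this page.
# Assumptions: keyword and value are separated by whitespace, Include files are
# not followed, only lines before the first Match block are read, and the
# defaults used for unset keywords are upstream OpenSSH's.

# Print every value of keyword $1 in file $2 (keywords are case-insensitive).
sshd_values() {
    awk -v key="$1" '
        /^[ \t]*#/ { next }
        tolower($1) == "match" { exit }
        tolower($1) == tolower(key) { $1 = ""; sub(/^[ \t]+/, ""); print }
    ' "$2"
}

# sshd keeps the first value it reads for a keyword; $3 is the default.
sshd_first() {
    v=$(sshd_values "$1" "$2" | head -n 1)
    printf '%s\n' "${v:-$3}"
}

# Print one line per finding; return 1 if there is any finding, else 0.
audit_sshd() {
    cfg=$1; bad=0
    ports=$(sshd_values Port "$cfg")   # Port may be given more than once
    if [ -z "$ports" ] || printf '%s\n' "$ports" | grep -qx 22; then
        echo "Port: still listening on 22"; bad=1
    fi
    [ "$(sshd_first PermitRootLogin "$cfg" prohibit-password)" = no ] ||
        { echo "PermitRootLogin: root can still log in"; bad=1; }
    [ "$(sshd_first PasswordAuthentication "$cfg" yes)" = no ] ||
        { echo "PasswordAuthentication: passwords still accepted"; bad=1; }
    return $bad
}

# Constructed sample config, not taken from a real host.
sample_config() {
    cat <<'EOF'
Port 22
Port 2222
PermitRootLogin no
passwordauthentication yes
PasswordAuthentication no
Match User backup
    PasswordAuthentication yes
EOF
}

tmp=$(mktemp); sample_config > "$tmp"; audit_sshd "$tmp" || true; rm -f "$tmp"
```

On the sample it reports the leftover `Port 22` line and the earlier lower-case `passwordauthentication yes`, which wins over the later `no`.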