SSH config for security
Change the ssh port
The default ssh port is 22, and far too many scanning scripts probe that port. Moving sshd to another port does not stop a targeted attacker, but it cuts most of the automated noise out of your logs.
```
vi /etc/ssh/sshd_config
```
Edit the `Port` line (shown here at its default, 22) to the port you chose, then restart sshd:
```
Port 22
```
```
service sshd restart
```
Forbid root login
```
vi /etc/ssh/sshd_config
```
```
PermitRootLogin no
```
```
service sshd restart
```
Use ssh keys to connect to the server without a password
Generate a key pair on the computer you connect from; the private key stays there, and `ssh-keygen` also writes the matching public key to `~/path/key.pub`:
```
ssh-keygen -t rsa -b 4096 -C "some comment" -f ~/path/key
```
On the server, point sshd at the file(s) that hold the authorized public keys and restart it:
```
vi /etc/ssh/sshd_config
```
```
AuthorizedKeysFile ~/path/key1 ~/path/key2
```
```
service sshd restart
```
Then configure the client on the computer you will connect from, in `~/.ssh/config`:
```
# custom comment
Host aliasName
    HostName ip or hostname
    Port 22
    User $username
    IdentityFile ~/path/key
    # Keep session alive
    ServerAliveInterval 60
    # reuse an established ssh channel
    ControlMaster auto
    ControlPath ~/.ssh/session/%h-%C
```
The directory named in `ControlPath` must already exist; ssh will not create it.
Now try connecting from your computer with `ssh $aliasName`. Once that works, you can disable PasswordAuthentication.
Forbid password authentication
Before you disable PasswordAuthentication, you must have added an ssh key (previous section) so that you can still reach the server.
```
vi /etc/ssh/sshd_config
```
```
PasswordAuthentication no
```
```
service sshd restart
```
Now the server can no longer be reached with a password.
One more thing: if you want to deny ssh login to a particular user, add the following:
```
vi /etc/ssh/sshd_config
```
```
DenyUsers $username
```
```
service sshd restart
```
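As an added example that is not part of the original post: a POSIX shell script that audits an sshd_config file for the three settings above (Port, PermitRootLogin, PasswordAuthentication). It assumes a file path argument and uses a constructed sample config; it also shows that sshd takes the first uncommented value of each keyword, so an earlier `PermitRootLogin yes` silently wins over a later `no`.

```shell
#!/bin/sh
# Added example (not from the original post): statically audit an sshd_config
# for the settings this post changes. sshd uses the FIRST uncommented value of
# a keyword, so a later "PermitRootLogin no" below an earlier "yes" is ignored;
# the check therefore reads the first match. Match blocks are skipped.

# Print the first effective value of KEY in FILE (keywords are case-insensitive).
sshd_value() {
    awk -v key="$2" '
        /^[[:space:]]*#/ || NF == 0 { next }        # comments and blank lines
        tolower($1) == "match" { exit }             # stop before Match blocks
        tolower($1) == tolower(key) { print $2; exit }
    ' "$1"
}

# Compare one keyword against the expected value; print a finding, return 1 on deviation.
check_key() {
    file=$1; key=$2; want=$3
    have=$(sshd_value "$file" "$key")
    if [ "$key" = "Port" ]; then
        # Any explicit non-default port satisfies the "change the port" step.
        if [ -z "$have" ] || [ "$have" = "22" ]; then
            echo "FAIL $key: still on default 22"; return 1
        fi
    elif [ "$have" != "$want" ]; then
        echo "FAIL $key: got '${have:-<unset>}', want '$want'"; return 1
    fi
    echo "ok   $key = $have"
}

# Run every check; the return value is the number of deviating settings.
audit_sshd_config() {
    fails=0
    check_key "$1" Port changed || fails=$((fails + 1))
    check_key "$1" PermitRootLogin no || fails=$((fails + 1))
    check_key "$1" PasswordAuthentication no || fails=$((fails + 1))
    return $fails
}

# Constructed sample config: the trailing "PermitRootLogin no" does not take effect.
SAMPLE=$(mktemp)
cat > "$SAMPLE" <<'EOF'
Port 22
PermitRootLogin yes
PasswordAuthentication no
PermitRootLogin no
EOF
audit_sshd_config "$SAMPLE" || echo "deviating settings: $?"
rm -f "$SAMPLE"
```

For the effective configuration of a live host, including Match blocks, compare the findings against the output of `sshd -T`.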
Author: Linfeng
Last modified: 2023-08-31