Linux server SSH cracking prevention method (recommended)

1. The Linux server configures /etc/hosts.deny to prohibit the other party's IP from logging into my server via SSH

vim /etc/hosts.deny

2. Do not use the default port 22 of the SSH service. Reset a new port. It is best to set a new port number greater than 1024.

First, log in to the Alibaba Cloud console and open a new port on your server;

Then, modify the SSH configuration file on the server, add a line of Port 1618 to the file and save and exit (:wq)

vim /etc/ssh/sshd_config

Each time you change the SSH service configuration, you need to restart the SSH service.

service sshd restart

3. Do not give the other party the opportunity to crack by brute force. Delete common users such as admin. The other party cannot guess the username and cannot brute force the password (userdel -r means complete deletion without retaining the user's file information)

userdel -r admin

4. Prohibit the root user from logging in via SSH, because the default superuser name of the server is root, and the other party has the opportunity to brute force the password with the root username. If the password is successfully cracked, the damage caused by having root privileges is too great, especially in a production environment. Therefore, you can do this, log in to SSH with other users, and use su - to switch back to the root user if necessary

vim /etc/ssh/sshd_config

Change the line PermitRootLogin yes to PermitRootLogin no

5. The user password for logging into SSH should be as complex as possible.

Summarize

The above is the Linux server SSH cracking prevention method introduced by the editor. I hope it will be helpful to everyone. If you have any questions, please leave me a message and the editor will reply to you in time. I would also like to thank everyone for their support of the 123WORDPRESS.COM website!