Four ways to restrict SSH login
2022-04-23 14:22:00 【Small ash pier】
1、xinetd service
Configure /etc/hosts.allow and /etc/hosts.deny
[root@centos7 ~]# hostname -I
192.168.75.171
[root@centos7 ~]# vim /etc/hosts.allow
all:192.168.75.160:allow
# When working inside a virtual machine, remember to allow the host machine as well, or your own ssh session will be cut off
all:192.168.75.1:allow
[root@centos7 ~]# cat /etc/hosts.deny
all:all:deny
[root@centos7 ~]# systemctl restart xinetd
[root@centos7 ~]# systemctl restart sshd
[root@CentOS6 ~]# hostname -I
192.168.75.160
[root@CentOS6 ~]# ssh [email protected]
[email protected]'s password:
Last login: Wed Nov 3 20:35:38 2021 from 192.168.75.160 # Normal login
[root@centos7 ~]#
[root@centos7 ~]# hostname -I
192.168.75.170
[root@centos7 ~]# ssh [email protected]
ssh_exchange_identification: read: Connection reset by peer # Unable to log in
2、iptables
# iptables -t filter -A INPUT -s 1.1.1.1 -d `hostname -I` -p tcp --dport 22 -j ACCEPT
# iptables -t filter -A INPUT -p tcp --dport 22 -j DROP
3、 Using the AllowUsers directive in the sshd_config configuration file
AllowUsers
This directive is followed by a list of user names separated by spaces (the "*" and "?" wildcards can be used). By default, all users are allowed to log in.
If this directive is used, only these users are allowed to log in, and all other users are rejected.
If an entry is given in the form USER@HOST, both USER and HOST are checked.
Only user names are accepted here, not UIDs. The related allow/deny directives are processed in the following order:
DenyUsers, AllowUsers, DenyGroups, AllowGroups
[root@centos7 ~]# vim /etc/ssh/sshd_config
# Add the following line at the end; the entries are separated by spaces
AllowUsers *@10.213.53.40 *@10.213.53.41 *@10.213.53.42 *@10.213.53.43 *@10.213.53.44 *@10.213.53.45 *@11.234.* *@11.2.2.*
[root@centos7 ~]# systemctl restart sshd
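To check which logins the AllowUsers line above admits before restarting sshd, here is an added example (not part of the original article) that evaluates it in plain shell. It is a simplified model: only the "*" and "?" wildcards, no negation or CIDR, group directives left out; the function names and the DenyUsers value `guest` are assumptions made for the illustration.

```shell
#!/bin/sh
# Constructed copy of the AllowUsers value from the sshd_config line above.
ALLOW='*@10.213.53.40 *@10.213.53.41 *@10.213.53.42 *@10.213.53.43 *@10.213.53.44 *@10.213.53.45 *@11.234.* *@11.2.2.*'
# Hypothetical DenyUsers value, only here to show that it is checked first.
DENY='guest'

# match_list USER HOST "PATTERNS": succeed if any pattern in the list matches.
# A bare pattern is compared with the user name only; USER@HOST (split at the
# first "@") must match both the user and the client address.
match_list() {
    user=$1 host=$2
    set -f                      # keep "*" in the list from expanding to file names
    for pat in $3; do
        case $pat in
            *@*) upat=${pat%%@*} hpat=${pat#*@} ;;
            *)   upat=$pat hpat='*' ;;
        esac
        case $user in $upat) ;; *) continue ;; esac
        case $host in $hpat) set +f; return 0 ;; esac
    done
    set +f
    return 1
}

# ssh_login_decision USER HOST: apply the first two steps of the order given
# above, DenyUsers first, then AllowUsers.
ssh_login_decision() {
    if [ -n "$DENY" ] && match_list "$1" "$2" "$DENY"; then
        echo "deny (DenyUsers)"
    elif [ -n "$ALLOW" ] && ! match_list "$1" "$2" "$ALLOW"; then
        echo "deny (not in AllowUsers)"
    else
        echo "allow"
    fi
}

# Constructed sample logins: user name and client address.
for login in root@10.213.53.40 guest@10.213.53.40 root@10.213.53.46 \
             root@11.234.9.9 root@11.2.20.1 root@111.234.1.1; do
    printf '%-20s %s\n' "$login" "$(ssh_login_decision "${login%%@*}" "${login#*@}")"
done
```

Note that `*@11.2.2.*` does not cover 11.2.20.1, and an entry in DenyUsers wins even when the client address is on the AllowUsers list.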
4、 Set login blacklist
[root@centos7 ~]# vi /etc/pam.d/sshd
# Append the following line
auth required pam_listfile.so item=user sense=deny file=/etc/sshd_user_deny_list onerr=succeed
All users listed in /etc/sshd_user_deny_list are refused SSH login.
Copyright notice
This article was written by [Small ash pier]. Please include a link to the original when reposting. Thank you.
https://yzsam.com/2022/04/202204231409158465.html