When I bought a Tencent cloud server, I found that the default login port was 22, and I had to enter the password every time I logged in. I felt very uncomfortable, so I decided to optimize these two points: change the default port 22 and set up password-free login!

We logged in according to the usual process:

  1. ssh [email protected] (default port is 22)
  2. Enter the password

Modifying the Default Port

Run the following command to see which port the sshd service is listening on. At this point it should be port 22:

netstat -anlp | grep sshd

To change the port, open the sshd_config configuration file and find the Port option:

vi /etc/ssh/sshd_config

Move the cursor to the #Port 22 line, remove the hash sign (that is, uncomment the line), and change the port number to 10022.

But be aware of the following passage:

semanage port -a -t ssh_port_t -p tcp #PORTNUMBER

SELinux is a security module integrated with CentOS 2.4 and above.

Type :wq to save and exit.

Run the command with the new port number:

semanage port -a -t ssh_port_t -p tcp 10022

-bash: semanage: command not found!

We can use the reverse lookup command to find out which package provides semanage:

yum whatprovides semanage

From this, we can identify the package policycoreutils-python.

We can install the package directly:

yum install -y policycoreutils-python

Then we can use the previous command

semanage port -a -t ssh_port_t -p tcp 10022

Then we need to confirm that we have successfully added this port

semanage port -l | grep ssh

It is added successfully.

Note that there is an extra port 10088 here, which can be deleted by using the following command

semanage port -d -t ssh_port_t -p tcp 10088

Next, we need to restart the SSH service

service sshd restart

We can log in through the new port

ssh -p 10022 [email protected]
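
A pre-restart check for the port change above, added here as an example and not part of the original post: it compares the active Port lines in sshd_config with the ports SELinux labels as ssh_port_t, since sshd cannot bind an unlabelled port while SELinux is enforcing. The function names and the sample inputs are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original post): before restarting sshd, confirm that
# every active Port in sshd_config carries the SELinux label ssh_port_t.

# Print each active Port value from sshd_config text on stdin.
# Commented lines such as "#Port 22" are skipped; with none active, sshd uses 22.
configured_ports() {
    awk 'tolower($1) == "port" && $2 ~ /^[0-9]+$/ { print $2; n++ }
         END { if (!n) print 22 }'
}

# Print the tcp entries labelled ssh_port_t from `semanage port -l` text on stdin.
labelled_ports() {
    awk '$1 == "ssh_port_t" && $2 == "tcp" {
             for (i = 3; i <= NF; i++) { gsub(/,/, "", $i); print $i }
         }'
}

# Return 0 if port $1 matches an entry in list $2 (single port or lo-hi range).
port_is_labelled() {
    for entry in $2; do
        lo=${entry%-*}; hi=${entry#*-}
        [ "$1" -ge "$lo" ] && [ "$1" -le "$hi" ] && return 0
    done
    return 1
}

# Print configured ports that lack the label; return 1 if any is missing.
# $1 = sshd_config text, $2 = `semanage port -l` text.
unlabelled_ports() {
    labels=$(printf '%s\n' "$2" | labelled_ports)
    missing=""
    for p in $(printf '%s\n' "$1" | configured_ports); do
        port_is_labelled "$p" "$labels" || missing="$missing $p"
    done
    echo $missing
    [ -z "$missing" ]
}

# Constructed sample inputs. On a real host, pass
# "$(cat /etc/ssh/sshd_config)" and "$(semanage port -l)" instead.
SAMPLE_CONFIG='#Port 22
Port 10022
#AddressFamily any'
SAMPLE_BEFORE='ssh_port_t                     tcp      22'
SAMPLE_AFTER='ssh_port_t                     tcp      10022, 22'

echo "before semanage port -a: unlabelled = $(unlabelled_ports "$SAMPLE_CONFIG" "$SAMPLE_BEFORE")"
echo "after  semanage port -a: unlabelled = $(unlabelled_ports "$SAMPLE_CONFIG" "$SAMPLE_AFTER")"
```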

Password-Free Login

  1. Run ssh-keygen to generate the id_rsa file

  2. Copy the local public key to the ~/.ssh/authorized_keys file on the server

Note that instead of copying the local public key to the server by hand, you can also use commands to do it:

ssh-copy-id -i ~/.ssh/id_rsa.pub [email protected]
# Grant permission to the folder
chmod 700 ~/.ssh
chmod 600 ~/.ssh/authorized_keys

If you see the prompt Enter passphrase for key 'XXXX', run the ssh-add command to add the key to the cache:

ssh-add -k ~/.ssh/id_rsa

  3. Edit the config file in the ~/.ssh directory so that you can log in to the server without entering the IP address and port

# ~/.ssh/config
Host TX-WY
  Port 10022
  HostName xxx.xx.xxx.xx
  User root
  IdentityFile ~/.ssh/id_rsa
  IdentitiesOnly yes