CentOS 7: Disable root Login in sshd and Set the sshd Port with a Script
- 2021-07-03 01:17:19
- OfStack
1. Create a new user wwweee000
[root@localhost ~]# useradd wwweee000
[root@localhost ~]# passwd wwweee000
Changing password for user wwweee000.
New password:
BAD PASSWORD: The password is a palindrome
Retype new password:
passwd: all authentication tokens updated successfully.
2. Remove the "#" in front of Port 22 and change 22 to another unused port. Server ports can be opened up to 65536. Note that Port is written with a capital "P".
[root@localhost ~]# cat -n /etc/ssh/sshd_config|grep "Port *"
17 #Port 22
100 #GatewayPorts no
[root@localhost ~]# cat /etc/ssh/sshd_config|grep -n "Port *"
17:#Port 22
100:#GatewayPorts no
[root@localhost ~]# awk "/Port */" /etc/ssh/sshd_config
#Port 22
#GatewayPorts no
The output above is still not what we want: we only need the Port 22 line.
[root@localhost ~]# cat /etc/ssh/sshd_config|grep -n "Port\ "
17:#Port 22
[root@localhost ~]# cat -n /etc/ssh/sshd_config|grep "Port\ "
17 #Port 22
[root@localhost ~]# cat /etc/ssh/sshd_config|grep -n "Port\ "
17:#Port 22
[root@localhost ~]# awk "/Port\ /" /etc/ssh/sshd_config
#Port 22
[root@localhost ~]# sed -i "17s/#Port 22/Port 22/g" /etc/ssh/sshd_config
[root@localhost ~]# awk "/Port\ /" /etc/ssh/sshd_config
Port 22
-n shows the line number; the backslash (\) is the escape character.
3. Modify Port 22 to 4096 without vi/vim
[root@localhost ~]# sed -i "17s/Port 22/Port 4096/g" /etc/ssh/sshd_config
[root@localhost ~]# cat /etc/ssh/sshd_config|grep "Port\ "
Port 4096
4. Change #PermitRootLogin yes to PermitRootLogin no
[root@localhost ~]# cat -n /etc/ssh/sshd_config|grep "PermitRootLogin"
49 #PermitRootLogin yes
104 # the setting of "PermitRootLogin without-password".
[root@localhost ~]# sed -i "49s/#PermitRootLogin yes/PermitRootLogin no/g" /etc/ssh/sshd_config
[root@localhost ~]# cat -n /etc/ssh/sshd_config|grep "PermitRootLogin no"
49 PermitRootLogin no
5. Restart the sshd service
[root@localhost ~]# systemctl restart sshd.service
6. Log in as the user wwweee000 from now on
[wwweee000@localhost ~]$
Ordinary users cannot edit /etc/ssh/sshd_config.
You need to switch to root to edit it. Command to switch to root: su
7. As root, write and run the shell script. The script is generic for CentOS 7 (main functions: set the sshd_config port number from user input and disable root login).
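#!/bin/bash
# Read the current Port line from sshd_config (commented or not), e.g. "#Port 22"
sshd_Port=$(grep "Port\ " /etc/ssh/sshd_config)
echo " Current sshd Port: $sshd_Port"
# Ask for the new port; -e enables readline editing, -p prints the prompt
read -ep " Please enter sshd Connection port of service Port ( 1-65536 );
Make sure other port conflicts and firewall ports are open for business: " sshd_Port_read
echo " The port number you entered: $sshd_Port_read"
# Replace the existing Port line with the port that was entered
sed -i "s/$sshd_Port/Port $sshd_Port_read/g" /etc/ssh/sshd_config
echo " The port has been set to: $(grep "Port\ " /etc/ssh/sshd_config)"
# Disable root login over ssh
sed -i "s/#PermitRootLogin yes/PermitRootLogin no/g" /etc/ssh/sshd_config
# Restart sshd so that the new settings take effect
systemctl restart sshd.service
exit 0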
Run the test (the script can be reused). The firewall is turned off on this machine / the production server has its firewall turned off.
[root@localhost wwweee000]# firewall-cmd --state
not running
[root@localhost ~]# sh sshd_config_Port.sh
Current sshd Port: Port 22
Please enter sshd Connection port of service Port ( 1-65536 )
Make sure other port conflicts and firewall ports are open for business: 4096
The port number you entered: 4096
The port has been set to: Port 4096
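A hardened take on the step 7 script, as an added example that is not part of the original page: it validates the port, matches each keyword only at the start of a line (commented or already active), and syntax-checks a working copy with sshd -t before touching the real file. The function names and the SSHD_CHECK override are assumptions made for this example.

```shell
#!/bin/sh
# Added example (not the page's script). Function names and SSHD_CHECK are made up here.

# valid_port N: succeeds only for a plain integer 1..65535 (TCP ports are 16-bit).
valid_port() {
    case "$1" in ''|0*|*[!0-9]*) return 1 ;; esac   # empty, leading zero, non-digit
    [ "${#1}" -le 5 ] && [ "$1" -le 65535 ]
}

# set_option FILE KEYWORD VALUE: turn the first "KEYWORD ..." or "#KEYWORD ..." line
# into "KEYWORD VALUE" and comment out later active duplicates. Keywords are matched
# case-insensitively, as sshd does. Fails, leaving FILE untouched, if KEYWORD is absent.
set_option() {
    so_tmp=$(mktemp) || return 1
    awk -v k="$2" -v v="$3" '
        tolower($0) ~ ("^[ \t]*#?" tolower(k) "[ \t]") {
            if (!done) { print k " " v; done = 1 }
            else if ($0 ~ /^[ \t]*#/) print
            else print "#" $0
            next
        }
        { print }
        END { exit !done }' "$1" > "$so_tmp" && cat "$so_tmp" > "$1"
    so_rc=$?; rm -f "$so_tmp"; return $so_rc
}

# harden_sshd FILE PORT: edit a working copy, syntax-check it, then write it back.
# "cat >" keeps the original file's owner, mode and SELinux label.
harden_sshd() {
    valid_port "$2" || { echo "invalid port: $2" >&2; return 2; }
    hs_work=$(mktemp) || return 1
    cp "$1" "$hs_work" &&
        set_option "$hs_work" Port "$2" &&
        set_option "$hs_work" PermitRootLogin no &&
        ${SSHD_CHECK:-sshd -t -f} "$hs_work" &&
        cat "$hs_work" > "$1"
    hs_rc=$?; rm -f "$hs_work"; return $hs_rc
}

# On a real host, as root (with SELinux enforcing, first allow the new port:
# semanage port -a -t ssh_port_t -p tcp 4096):
#   harden_sshd /etc/ssh/sshd_config 4096 && systemctl restart sshd.service
```

Unlike the unanchored sed substitutions, this also handles a file where PermitRootLogin yes is already uncommented, and it refuses input such as 4096/g instead of passing it into a sed expression.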
Summarize