CentOS 7: Modify sshd to Disable root Login and Change the sshd Port, with a Script

  • 2021-07-03 01:17:19
  • OfStack

1. Create a new user wwweee000


[root@localhost ~]# useradd wwweee000
[root@localhost ~]# passwd wwweee000
Changing password for user wwweee000.
New password:
BAD PASSWORD: The password is a palindrome
Retype new password:
passwd: all authentication tokens updated successfully.

2. Remove the "#" in front of Port 22 and change 22 to another unused port. The server port can be opened up to 65536. Note that the "P" in Port is capitalized.


[root@localhost ~]# cat -n /etc/ssh/sshd_config|grep "Port *"
  17 #Port 22
  100 #GatewayPorts no
[root@localhost ~]# cat /etc/ssh/sshd_config|grep -n "Port *"
17:#Port 22
100:#GatewayPorts no
[root@localhost ~]# awk "/Port */" /etc/ssh/sshd_config
#Port 22
#GatewayPorts no

The output above still isn't what we want: we only need the Port 22 line.


[root@localhost ~]# cat /etc/ssh/sshd_config|grep -n "Port\ "      
17:#Port 22
[root@localhost ~]# cat -n /etc/ssh/sshd_config|grep "Port\ "      
  17 #Port 22
[root@localhost ~]# cat /etc/ssh/sshd_config|grep -n "Port\ "      
17:#Port 22
[root@localhost ~]# awk "/Port\ /" /etc/ssh/sshd_config         
#Port 22
[root@localhost ~]# sed -i "17s/#Port 22/Port 22/g" /etc/ssh/sshd_config 
[root@localhost ~]# awk "/Port\ /" /etc/ssh/sshd_config         
Port 22

-n shows the line number; the backslash (\) escapes the character that follows it (here, the space after Port).

3. Modify Port 22 to 4096 without vi/vim


[root@localhost ~]# sed -i "17s/Port 22/Port 4096/g" /etc/ssh/sshd_config 
[root@localhost ~]# cat /etc/ssh/sshd_config|grep "Port\ "
Port 4096

4. Change #PermitRootLogin yes to PermitRootLogin no


[root@localhost ~]# cat -n /etc/ssh/sshd_config|grep "PermitRootLogin"
  49 #PermitRootLogin yes
  104 # the setting of "PermitRootLogin without-password".
[root@localhost ~]# sed -i "49s/#PermitRootLogin yes/PermitRootLogin no/g" /etc/ssh/sshd_config
[root@localhost ~]# cat -n /etc/ssh/sshd_config|grep "PermitRootLogin no"
  49 PermitRootLogin no

5. Restart the sshd service


[root@localhost ~]# systemctl restart sshd.service

6. Log in as user wwweee000 from now on

[wwweee000@localhost ~]$

Ordinary users cannot edit /etc/ssh/sshd_config; you need to switch to root to edit it. Command to switch to root: su

7. As root, write and run the shell script. The script is generic for CentOS 7 (main functions: set the sshd_config port number from user input and disable root login).


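#!/bin/bash
# Read the current Port line (commented or not) from sshd_config
sshd_Port=$(grep "Port\ " /etc/ssh/sshd_config)
echo " Current sshd Port: $sshd_Port"
# Ask for the new port (-e: readline editing, -p: prompt text)
read -ep " Please enter sshd Connection port of service Port  ( 1-65536 ); 
 Make sure other port conflicts and firewall ports are open for business: " sshd_Port_read
echo " The port number you entered: $sshd_Port_read"
# The value is pasted into a sed expression, so accept digits only
[[ "$sshd_Port_read" =~ ^[0-9]+$ ]] || { echo " Invalid port number"; exit 1; }
# Replace the old Port line with the new one
sed -i "s/$sshd_Port/Port $sshd_Port_read/g" /etc/ssh/sshd_config
echo " The port has been set to: $(grep "Port\ " /etc/ssh/sshd_config)"
# Disable root login over SSH
sed -i "s/#PermitRootLogin yes/PermitRootLogin no/g" /etc/ssh/sshd_config
# Restart sshd so that the changes take effect
systemctl restart sshd.service
exit 0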

Run the test (the script is reusable). The firewall on this machine is shut down (the production server has its firewall turned off).


[root@localhost wwweee000]# firewall-cmd --state 
not running
[root@localhost ~]# sh sshd_config_Port.sh 
 Current sshd Port: Port 22
 Please enter sshd Connection port of service Port  ( 1-65536 ) 
 Make sure other port conflicts and firewall ports are open for business: 4096
 The port number you entered: 4096
 The port has been set to: Port 4096
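
The steps above edit sshd_config by line number (17 and 49) and by the exact old text, and the script restarts sshd without checking the result. The following added example (not part of the original article) goes one step further: it matches the directives themselves whether or not they are commented, rejects anything that is not a port in the valid TCP range 1-65535, keeps a backup, and checks the syntax before the restart. The function names sample_config, valid_port, harden_sshd_config and apply_live are hypothetical, and the sample lines are constructed.

```shell
#!/bin/bash
# Added example; function names are hypothetical, not from the article.

# Constructed excerpt that mimics the lines the article greps for.
sample_config() {
cat <<'EOF'
#Port 22
#GatewayPorts no
#PermitRootLogin yes
# the setting of "PermitRootLogin without-password".
EOF
}

# Succeeds only for a plain integer in the valid TCP range 1-65535.
valid_port() {
    case "$1" in
        ''|*[!0-9]*|0*) return 1 ;;
    esac
    [ "${#1}" -le 5 ] && [ "$1" -le 65535 ]
}

# harden_sshd_config FILE PORT: edit a copy, replace FILE only on success.
harden_sshd_config() {
    local file=$1 port=$2 tmp
    valid_port "$port" || { echo "invalid port: $port" >&2; return 2; }
    [ -f "$file" ] || { echo "no such file: $file" >&2; return 3; }
    tmp=$(mktemp) || return 4
    # Match the directive itself, commented or not, instead of relying on
    # line 17/49 or on the old value; $port is digits only at this point.
    sed -e "s/^[[:space:]]*#*[[:space:]]*Port[[:space:]][[:space:]]*[0-9].*/Port $port/" \
        -e "s/^[[:space:]]*#*[[:space:]]*PermitRootLogin[[:space:]].*/PermitRootLogin no/" \
        "$file" > "$tmp" || { rm -f "$tmp"; return 4; }
    # Append a directive that was absent from the file altogether.
    grep -q "^Port $port\$" "$tmp" || echo "Port $port" >> "$tmp"
    grep -q '^PermitRootLogin no$' "$tmp" || echo 'PermitRootLogin no' >> "$tmp"
    # Keep a backup; write through cat so owner, mode and SELinux label stay.
    cp -p "$file" "$file.bak" && cat "$tmp" > "$file"
    local rc=$?
    rm -f "$tmp"
    return $rc
}

# Live use (not run by this example): syntax-check before restarting so a
# bad edit cannot lock you out. With SELinux enforcing, the new port must
# also be labelled first: semanage port -a -t ssh_port_t -p tcp PORT
apply_live() {
    harden_sshd_config /etc/ssh/sshd_config "$1" && sshd -t &&
        systemctl restart sshd.service
}
```

Keep the current SSH session open and confirm a login as the ordinary user on the new port from a second terminal before closing it; if that fails, restore /etc/ssh/sshd_config.bak.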
