添加mysql防火墙规则:
vim /etc/sysconfig/iptables
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p icmp -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 30022 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
-A FORWARD -j REJECT --reject-with icmp-host-prohibited
COMMIT
更改22端口
vim /etc/ssh/sshd_config
在#Port 22添加Port 30022
#vim /etc/sysconfig/iptables
iptables -A INPUT -m state --state NEW -m tcp -p tcp --dport 30022 -j ACCEPT
service iptables save
/etc/init.d/sshd restart
ubuntu
vim /etc/ssh/sshd_config
service ssh restart
防ping
关闭ping:
echo 1 > /proc/sys/net/ipv4/icmp_echo_ignore_all
开启ping:
echo 0 > /proc/sys/net/ipv4/icmp_echo_ignore_all
useradd test
echo "123456" | passwd --stdin test
sed -i 's/#PermitRootLogin yes/PermitRootLogin no/g' /etc/ssh/sshd_config
禁止root用户远程登录
vim /etc/ssh/sshd_config,将PermitRootLogin的值改成no,并保存
使用SSH Key登录并禁用root密码登录
vim /etc/ssh/sshd_config
#RSAAuthentication yes
#PubkeyAuthentication yes
#AuthorizedKeysFile .ssh/authorized_keys
去调上面3行前面的#
PasswordAuthentication yes修改为:PasswordAuthentication no
保存后重启SSH服务。service sshd restart
离线