Publish: 2017-03-25 | Modify: 2017-03-25
By default, Linux systems use port 22 for SSH connections. However, this default port is easily scanned or subjected to brute force attacks. It is highly recommended to change the SSH port to a less predictable number. If you are unsure how to change the SSH port, please refer to the following guide: How to Change SSH Port in Linux
The root user in Linux systems has god-like privileges. If a hacker gains root access to your server, the consequences can be devastating. To mitigate this risk, it is advised to create a regular user account and disable root login. Here are the general steps:
# Create a new user "hixz"
useradd hixz
# Set a password for the user "hixz"
passwd hixz
# Modify the SSH configuration file
vi /etc/ssh/sshd_config
# Change "PermitRootLogin yes" to "PermitRootLogin no" (commenting the line out is not enough: sshd then falls back to its built-in default, which still permits root login)
# Restart the SSH service
service sshd restart
Modifying the configuration file requires root privileges. After completing the steps, the root user will no longer be able to log in over SSH. You can now log in using the regular user account (hixz). If specific operations require root privileges, you can switch to the root user using su - or use the sudo command.
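The check below is an added example, not part of the original post: a shell audit of an sshd_config file for the two settings discussed above (a port other than 22 and PermitRootLogin no), covering the cases where a directive is only commented out or a later line is shadowed by an earlier one. The sample configs, port 50022 and the function names are constructed for illustration; on a live server, sshd -T prints the effective settings.

```shell
#!/bin/sh
# Added example (not from the original post). Sample configs are constructed.
# Simplifications: Include files and Match blocks are not evaluated, and only
# whitespace-separated "Keyword value" lines are parsed.

# values KEYWORD FILE -> every value set in the global section, in file order.
# sshd ignores '#' lines and matches keywords case-insensitively.
values() {
    awk -v key="$1" '
        /^[ \t]*#/ || NF == 0       { next }
        tolower($1) == "match"      { exit }
        tolower($1) == tolower(key) { print tolower($2) }
    ' "$2"
}

# audit FILE -> returns 0 only if root login is off and port 22 is unused.
audit() {
    rc=0
    # sshd keeps the FIRST PermitRootLogin it reads; with none set it uses its
    # built-in default (prohibit-password on OpenSSH 7.0+), which is not "no".
    root=$(values PermitRootLogin "$1" | head -n 1)
    root=${root:-prohibit-password}
    # Port may appear several times; sshd listens on all of them (default 22).
    ports=$(values Port "$1" | tr '\n' ' ')
    ports=${ports:-22}
    [ "$root" = no ] || { echo "FAIL: PermitRootLogin is '$root'"; rc=1; }
    case " $ports " in *" 22 "*) echo "FAIL: sshd listens on port 22"; rc=1 ;; esac
    return $rc
}

# make_samples DIR -> writes three constructed configs (50022 is arbitrary).
make_samples() {
    printf '#Port 22\n#PermitRootLogin yes\n' > "$1/commented.conf"
    printf 'Port 50022\nPermitRootLogin no\n' > "$1/hardened.conf"
    printf 'PermitRootLogin yes\nPort 50022\nPermitRootLogin no\n' > "$1/shadowed.conf"
}

tmp=$(mktemp -d)
make_samples "$tmp"
for f in "$tmp"/*.conf; do
    echo "== ${f##*/}"
    if audit "$f"; then echo "OK"; fi
done
rm -rf "$tmp"
```

Only hardened.conf passes: commented.conf falls back to the defaults, and in shadowed.conf the earlier "PermitRootLogin yes" wins over the later "no".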
If you still find the above measures insufficient, you can further enhance security by setting up key-based authentication. For detailed instructions, you can refer to the following article in the FAQ section of XiaoZ's blog: How to Configure Key-Based Authentication in Linux
While securing the login process is crucial, it is equally important to cultivate good security habits in everyday usage. Here are some additional recommendations:
Remember, maintaining a secure server environment requires a combination of preventive measures, best practices, and regular security audits.
I come from China and I am a freelancer. I specialize in Linux operations, PHP, Golang, and front-end development. I have developed open-source projects such as Zdir, ImgURL, CCAA, and OneNav.