1.升级openssh
rpm -Uvh openssh-8.8p1-1.el7.x86_64.rpm openssh-clients-8.8p1-1.el7.x86_64.rpm openssh-server-8.8p1-1.el7.x86_64.rpm
2.修改配置文件
sed -i “s/#PermitRootLogin prohibit-password/PermitRootLogin yes/g” /etc/ssh/sshd_config.rpmnewsed -i “s/#PasswordAuthentication yes/PasswordAuthentication yes/g” /etc/ssh/sshd_config.rpmnewmv /etc/ssh/sshd_config /etc/ssh/sshd_config.bakmv /etc/ssh/sshd_config.rpmnew /etc/ssh/sshd_config
#Centos7需要注意将/etc/ssh/xxx_key文件权限修改为600
chmod 600 ssh_host_ecdsa_key ssh_host_ed25519_key ssh_host_rsa_key
3.修改/etc/pam.d/sshd
echo “#%PAM-1.0auth required pam_sepermit.soauth substack password-authauth include postlogin# Used with polkit to reauthorize users in remote sessions-auth optional pam_reauthorize.so prepareaccount required pam_nologin.soaccount include password-authpassword include password-auth# pam_selinux.so close should be the first session rulesession required pam_selinux.so closesession required pam_loginuid.so# pam_selinux.so open should only be followed by sessions to be executed in the user contextsession required pam_selinux.so open env_paramssession required pam_namespace.sosession optional pam_keyinit.so force revokesession include password-authsession include postlogin# Used with polkit to reauthorize users in remote sessions-session optional pam_reauthorize.so prepare” > /etc/pam.d/sshd
如果默认不是22端口,修改ssh配置文件、添加ssh远程连接端口
vim /etc/ssh/sshd_configPort 10000
4.重启sshd服务
systemctl restart sshd
两粒种子,一片森林。
