Wednesday, December 5, 2012

Change default port and disable root login in ssh and configure iptables accordingly

nano /etc/ssh/sshd_config

uncomment the line

#Port 22

and make it

Port 31111

then go to 

#PermitRootLogin   yes

and make it

PermitRootLogin   no

save the file

service sshd restart

now if I try to access my server using ssh on port 31111

ssh -p 31111

it won't be accessible; we need to configure iptables to make port 31111 accessible from outside

go to 

nano /etc/sysconfig/iptables

After the line

-A FORWARD -i eth1 -o eth0 -j ACCEPT

put this line

-A INPUT -p tcp -m state --state NEW -m tcp --dport 31111 -j ACCEPT

save the file

service iptables restart

ssh -p 31111

will prompt you to log in as root

though, as expected, you cannot log in as root
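
A pre-restart check for the sshd_config and iptables edits above, as an added example that is not part of the original post: it reads the Port and PermitRootLogin values and confirms that the ACCEPT rule for that port sits ahead of any catch-all REJECT/DROP in the INPUT chain. The function names and the sample files are constructed for illustration.

```shell
#!/bin/sh
# Pre-restart check for the two files edited in this post (added example).

# First uncommented value of an sshd_config keyword (case-insensitive).
# Assumption: a single Port line and no Match blocks.
sshd_value() {   # usage: sshd_value KEYWORD FILE
    awk -v k="$1" 'tolower($1) == tolower(k) { print $2; exit }' "$2"
}

# True if FILE has an INPUT rule accepting TCP to PORT ahead of the first
# catch-all REJECT/DROP in INPUT (iptables acts on the first matching rule).
input_allows_port() {   # usage: input_allows_port PORT FILE
    awk -v port="$1" '
        $1 == "-A" && $2 == "INPUT" {
            if ($0 ~ ("--dport " port "( |$)") && $0 ~ /-j ACCEPT/) { ok = 1; exit }
            if ($0 ~ /^-A INPUT -j (REJECT|DROP)/) exit
        }
        END { exit !ok }' "$2"
}

preflight() {   # usage: preflight SSHD_CONFIG IPTABLES_RULES
    pf_port=$(sshd_value Port "$1"); pf_port=${pf_port:-22}
    pf_root=$(sshd_value PermitRootLogin "$1")
    [ "$pf_root" = "no" ] || { echo "FAIL: PermitRootLogin is '${pf_root:-unset}'"; return 1; }
    input_allows_port "$pf_port" "$2" || { echo "FAIL: INPUT does not accept tcp/$pf_port"; return 1; }
    echo "OK: tcp/$pf_port is accepted and root login is disabled"
}

# Constructed sample files (not from the post) so the check runs offline.
make_samples() {   # usage: make_samples DIR
    printf '%s\n' '#Port 22' 'Port 31111' 'PermitRootLogin   no' > "$1/sshd_config"
    printf '%s\n' '*filter' ':INPUT ACCEPT [0:0]' \
        '-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT' \
        '-A INPUT -p tcp -m state --state NEW -m tcp --dport 31111 -j ACCEPT' \
        '-A INPUT -j REJECT --reject-with icmp-host-prohibited' 'COMMIT' > "$1/good.rules"
    # Same ACCEPT rule placed after the catch-all REJECT: never reached.
    printf '%s\n' '*filter' ':INPUT ACCEPT [0:0]' \
        '-A INPUT -j REJECT --reject-with icmp-host-prohibited' \
        '-A INPUT -p tcp -m state --state NEW -m tcp --dport 31111 -j ACCEPT' \
        'COMMIT' > "$1/bad.rules"
}

tmp=$(mktemp -d)
make_samples "$tmp"
preflight "$tmp/sshd_config" "$tmp/good.rules"
preflight "$tmp/sshd_config" "$tmp/bad.rules" || true
rm -rf "$tmp"
```

On the server, run preflight /etc/ssh/sshd_config /etc/sysconfig/iptables before the two service restarts, and keep the current ssh session open until a new login on the new port succeeds.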


useradd subrata

passwd subrata

set subrata's password

add subrata to the wheel group

nano /etc/group

go to the line 


make it


save the file

now subrata is in the wheel group

go to 

nano /etc/sudoers

go to 

## Allows people in group wheel to run all commands
# %wheel        ALL=(ALL)       ALL

uncomment the second line so that it looks like

## Allows people in group wheel to run all commands
 %wheel        ALL=(ALL)       ALL

save the file

now using subrata you can do everything

ssh -p 31111 subrata@ will work just fine.

