Centos7登录配置

禁止账号密码登录

修改前先多开几个已登录的终端(配置出错导致无法重新登录时,可以用已有会话改回来),然后修改ssh配置文件

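# Edit the sshd configuration. Keep an already-authenticated session open while
# changing these values so that a mistake can still be reverted.
vim /etc/ssh/sshd_config
# Disable password logins. The value was "yes", which left password logins
# enabled and contradicted the purpose of this section. Confirm that key-based
# login works for every account that needs access before applying this.
PasswordAuthentication no
# Root may log in with a key only. Newer OpenSSH releases also accept the
# spelling "prohibit-password" for the same setting.
PermitRootLogin without-password
# Turn off challenge-response (keyboard-interactive) authentication, which can
# otherwise still offer a password prompt through PAM when UsePAM is enabled.
ChallengeResponseAuthentication no
# Disable GSSAPI authentication and its credential-cache cleanup.
GSSAPIAuthentication no
GSSAPICleanupCredentials no
# Skip the reverse-DNS lookup of the connecting client's address.
UseDNS no
# sshd reads this file at start-up: check it with `sshd -t`, then restart or
# reload sshd for the changes to take effect.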

禁止root登录

# Disallow direct root logins over SSH altogether.
vim /etc/ssh/sshd_config
# Replace the existing PermitRootLogin line rather than adding a second one:
# sshd uses the first value it finds for a keyword.
# NOTE(review): with this set, the "+ : root : ..." rules in
# /etc/security/access.conf cannot admit root over SSH - confirm which root
# policy is intended.
PermitRootLogin no

修改SSH端口号

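# Move sshd to a non-default port.
vim /etc/ssh/sshd_config
Port 10022
# Before restarting, allow the new port wherever these are active (both are
# enabled by default on CentOS 7); otherwise sshd cannot bind to the port or
# clients cannot reach it:
#   SELinux:   semanage port -a -t ssh_port_t -p tcp 10022
#   firewalld: firewall-cmd --permanent --add-port=10022/tcp && firewall-cmd --reload
# Validate the file first so that a syntax error does not stop sshd from
# starting, and test a new connection on port 10022 before closing the
# current session.
sshd -t && systemctl restart sshd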

限制用户登录

增加auth required pam_access.so

# Add pam_access to sshd's PAM stack so that /etc/security/access.conf is
# enforced for SSH logins.
# NOTE(review): only the changed lines appear to be shown; keep the remaining
# entries of the stock file (not visible here).
vim /etc/pam.d/sshd
#%PAM-1.0
#auth        sufficient    pam_sss.so forward_pass
# Check the access rules during authentication.
auth       required     pam_access.so
#account     [default=bad success=ok user_unknown=ignore] pam_sss.so
# Check the access rules again in the account phase. With UsePAM enabled,
# key-based logins are authenticated by sshd itself and skip the auth stack,
# so this is the line that covers them.
account    required     pam_access.so
# Refuse non-root logins while /etc/nologin exists.
account    required     pam_nologin.so
# Access rules read by pam_access. Format: permission : users : origins.
# Rules are evaluated top to bottom and the first matching rule decides.
# NOTE(review): several origins below (2.x, 55.x, 71.x, 100.0.x, 174.x) lie
# outside the RFC 1918 private ranges - confirm they are reachable only from
# inside the site.
vim /etc/security/access.conf
# VPN logins
+ : ALL EXCEPT root : 2.0.0.0/16 2.1.0.0/24 2.1.1.0/24 192.168.15.23 192.168.15.66
+ : ALL EXCEPT root : 192.168.104.0/22 192.168.167.0/24
# Login nodes
+ : ALL EXCEPT root  : 174.0.250.1 174.0.250.2 174.0.250.3
# Logins from management nodes
+ : root : 55.0.0.1 55.0.0.2 55.0.0.11 55.0.0.12 174.0.250.13
# NOTE(review): this rule admits every user, root included, from these
# origins - confirm that is intended.
+ : ALL : 71.0.0.0/24 10.0.0.1
# IB logins (presumably the InfiniBand network - confirm); the addresses after
# EXCEPT are excluded from the allowed origins.
+ : root : 100.0.0.0/24 100.0.100.0/24 100.0.101.0/24 100.0.102.0/24 100.0.103.0/24 100.0.200.0/24 100.0.250.0/24 100.0.254.0/24 EXCEPT 100.0.100.19 100.0.100.20 100.0.100.21 100.0.100.22 100.0.102.1 100.0.102.2 100.0.102.3 100.0.102.4 100.0.102.5 100.0.102.6 100.0.102.7 100.0.102.8 100.0.102.9 100.0.102.10 100.0.102.11 100.0.102.12 
# Default deny: anything not matched by a rule above is refused. This must
# stay the last rule.
- : ALL : ALL