1.禁止root远程登录
vi /etc/ssh/sshd_config
PermitRootLogin yes改为PermitRootLogin no
重启sshd服务
service sshd restart
2.Centos7 ssh和vsftp限制IP登录白名单和黑名单
1)、修改文件:/etc/hosts.deny,加上最后两行,阻止所以进入,如下:
# hosts.deny This file describes the names of the hosts which are
# *not* allowed to use the local INET services, as decided
# by the '/usr/sbin/tcpd' server.
#
# The portmap line is redundant, but it is left to remind you that
# the new secure portmap uses hosts.deny and hosts.allow. In particular
# you should know that NFS uses portmap!
sshd:ALL
vsftpd:ALL
2)、修改 /etc/hosts.allow,加上允许访问的IP,如下:
# hosts.allow This file describes the names of the hosts which are
# allowed to use the local INET services, as decided
# by the '/usr/sbin/tcpd