SSH
--> Pkg -openssh
Daemon -sshd
Portnum -22
Files -/etc/ssh/sshd_config
.ssh/*
---> vim /etc/ssh/sshd_config
1. line 13 -> change port num.
Port 53
service sshd restart
A client connecting to your machine must now specify the port, like this:
ssh -p 53 <server ip>
Only then does it connect.
2. line 37 -> Allow/stop user to ssh
AllowUsers u1
DenyUsers u2
service sshd restart
This stops a client from connecting as u2; it can connect only as user u1.
3. line 37 -> Allow/stop group to ssh
AllowGroups asia
DenyGroups america
service sshd restart
This stops a client from connecting as any member of america; it can connect
as any member of asia.
4. line 38 -> Login grace time.
LoginGraceTime 1m
service sshd restart
Once you connect to the SSH server, you have to provide the password within a
minute, or the connection fails.
5. line 39 -> Root login allowed/not-allowed
PermitRootLogin no
service sshd restart
This stops a client from connecting over ssh as the root user; it can connect as a normal user only.
6. line 41 -> Password prompts
MaxAuthTries 1
service sshd restart
The password is prompted only twice, within which the user has to give the
right password to authenticate.
7. line 96 -> Stop Gui Access
X11Forwarding no
service sshd restart
Though the client connects to your server using ssh -X <server.ip>, they
won't be able to connect to the GUI of the server.
8. Generating Public/Private key
--> To generate the key -> generates id_dsa, id_dsa.pub files under the .ssh dir
ssh-keygen -t dsa
--> To copy key to client machine -> copies id_dsa to .ssh of client's machine
ssh-copy-id -i /root/.ssh/id_dsa <clients.ip>
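
A check for steps 5 to 7 and the login grace time from step 4, as an added example that is not part of the original post: it reads an sshd_config the way sshd does (first occurrence of a keyword wins, keywords are case-insensitive) and reports settings that differ from the values above. The function names and the sample file are constructed for illustration, and Include files are not followed.

```shell
#!/bin/sh
# Added example (not from the original post): audit an sshd_config against
# the values this page sets. Function names and the sample file are constructed.

# effective_value FILE KEYWORD -> value sshd would use globally.
# Keywords are case-insensitive and the first occurrence wins; scanning stops
# at the first Match block because settings below it apply only conditionally.
effective_value() {
    awk -v key="$2" '
        NF == 0 || $1 ~ /^#/ { next }
        tolower($1) == "match" { exit }
        tolower($1) == tolower(key) { $1 = ""; sub(/^[ \t]+/, ""); print; exit }
    ' "$1"
}

# audit_sshd_config FILE -> one FAIL line per setting that differs from the
# page's value; returns non-zero if any differ. Comparison is textual, so
# "LoginGraceTime 60" would be reported even though it equals 1m.
audit_sshd_config() {
    rc=0
    while read -r key want; do
        got=$(effective_value "$1" "$key")
        if [ "$got" != "$want" ]; then
            echo "FAIL $key: want '$want', got '${got:-unset}'"
            rc=1
        fi
    done <<EOF
PermitRootLogin no
MaxAuthTries 1
X11Forwarding no
LoginGraceTime 1m
EOF
    return $rc
}

# Constructed sample: PermitRootLogin is set twice, and the first one wins.
sample=$(mktemp)
cat > "$sample" <<'EOF'
Port 53
permitrootlogin yes
PermitRootLogin no
MaxAuthTries 1
X11Forwarding no
Match User u1
    X11Forwarding yes
EOF
audit_sshd_config "$sample" || echo "fix the FAIL lines, then: sshd -t && service sshd restart"
```

Running sshd -t before the restart makes sshd check the configuration file for validity, so a typo does not take the daemon down while you are connected over ssh.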