Saturday, January 25, 2014

OPEN SSH

SSH

--> Pkg     -openssh
    Daemon  -sshd
    Portnum -22
    Files   -/etc/ssh/sshd_config
            .ssh/*


---> vim /etc/ssh/sshd_config

1. line 13  -> change port num.
   Port  53
   service sshd restart
   A client connecting to your machine must then give the port, like this:
   ssh  -p 53  <server ip>
   Only then does it connect.


2. line 37   -> Allow/stop user to ssh
   AllowUsers  u1
   DenyUsers   u2
   service sshd restart
   This stops a client from connecting as u2; it can connect only as user u1.


3. line 37   -> Allow/stop group to ssh
   AllowGroups  asia
   DenyGroups   america
   service sshd restart
   This stops a client from connecting as any member of america; it can
   connect as any member of asia.


4. line 38  -> Login grace time.
   LoginGraceTime 1m  
   service sshd restart
   Once you connect to the ssh server, you have to provide the password within
   a minute, or the connection fails.


5. line 39  -> Root login allowed/not-allowed
   PermitRootLogin no
   service sshd restart
   This stops a client from connecting over ssh as the root user; it can
   connect as a normal user only.


6. line 41  -> Password prompts
   MaxAuthTries 1
   service sshd restart
   The password is prompted only twice, within which the user has to give the
   right password to authenticate.

7. line 96  -> Stop Gui Access
   X11Forwarding no
   service sshd restart
   Even though the client connects to your server using ssh -X <server.ip>,
   they won't be able to connect to the GUI of the server.


8.  Generating  Public/Private key

--> To generate the key     ->Generates id_dsa,id_dsa.pub files under .ssh dir
    ssh-keygen  -t   dsa

--> To copy key to client machine   ->copies id_dsa to .ssh of client's machine
    ssh-copy-id  -i   /root/.ssh/id_dsa    <clients.ip>
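
Added example, not part of the original post: a small Python audit of the settings from items 1 to 7, showing how AllowUsers/DenyUsers and AllowGroups/DenyGroups combine when all four are set. It assumes sshd's documented rules that the first value of a keyword wins and that the lists are checked in the order DenyUsers, AllowUsers, DenyGroups, AllowGroups; the sample config is constructed, the function names are this example's own, and user/group patterns are reduced to exact names.

```python
SAMPLE = """\
# constructed sample config, not taken from a real host
Port 53
AllowUsers u1
DenyUsers u2
AllowGroups asia
DenyGroups america
LoginGraceTime 1m
PermitRootLogin no
PermitRootLogin yes
MaxAuthTries 1
X11Forwarding yes
"""
# Values the post sets for the single-valued keywords.
EXPECTED = {"logingracetime": "1m", "permitrootlogin": "no",
            "maxauthtries": "1", "x11forwarding": "no"}
LISTS = ("allowusers", "denyusers", "allowgroups", "denygroups")

def parse(text):
    """Global section only: first value of a keyword wins, lists accumulate."""
    single, lists = {}, {k: [] for k in LISTS}
    for line in text.splitlines():
        words = line.split()
        if not words or words[0].startswith("#"):
            continue
        key, args = words[0].lower(), words[1:]   # keywords are case-insensitive
        if key == "match":        # settings below a Match line are conditional
            break
        if key in lists:
            lists[key] += args
        elif args:
            single.setdefault(key, args[0])       # later duplicates are ignored
    return single, lists

def audit(single):
    """Keywords that are unset or differ from the post's setting."""
    return sorted(k for k, v in EXPECTED.items() if single.get(k, "").lower() != v)

def can_login(lists, user, groups):
    """Checks run in order; every one that is configured must pass."""
    if user in lists["denyusers"]:
        return False
    if lists["allowusers"] and user not in lists["allowusers"]:
        return False
    if set(groups) & set(lists["denygroups"]):
        return False
    return not lists["allowgroups"] or bool(set(groups) & set(lists["allowgroups"]))

if __name__ == "__main__":
    single, lists = parse(SAMPLE)
    print("port:", single.get("port"), "deviations:", audit(single))
    for user, groups in [("u1", ["asia"]), ("u3", ["asia"]), ("u1", ["america"])]:
        print(user, groups, "->", can_login(lists, user, groups))
```

With items 2 and 3 both in place, only u1 can log in, and only while u1 is in asia and not in america; a user u3 in asia is refused because AllowUsers is set and does not list u3.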


















