Saturday, December 19, 2009

SSH

Daemon: sshd
Port: 22
Config: /etc/ssh/sshd_config


Default Config Files and SSH Port

/etc/ssh/sshd_config: OpenSSH server configuration file
/etc/ssh/ssh_config: OpenSSH client configuration file
~/.ssh/: the user's SSH configuration directory
~/.ssh/authorized_keys: lists the public keys (RSA or DSA) that can be used to log into the user's account
/etc/nologin: if this file exists, sshd refuses to let anyone except root log in
/etc/hosts.allow and /etc/hosts.deny: access control lists enforced by tcp-wrappers are defined here
SSH default port: TCP 22

Use SSH Protocol 2

sshd_config file configurations
To allow only root and the user xyz to use the system via SSH, add the following to sshd_config:
AllowUsers root xyz
# Alternatively, allow all users to log in via SSH but deny a few specific users with the following line:
DenyUsers abc foo
# Configure Idle Log Out Timeout Interval (sshd_config)
ClientAliveInterval 300
ClientAliveCountMax 0
# Disable root Login via SSH
PermitRootLogin no
# Enable a Warning Banner
Banner /etc/issue
# Change SSH Port and Limit IP Binding
Port 300
ListenAddress 192.168.1.5
ListenAddress 202.54.1.5
# Disable Empty Passwords
PermitEmptyPasswords no
# Use Log Analyzer
LogLevel INFO

Verify your sshd_config file before restarting / reloading changes:
# /usr/sbin/sshd -t
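sshd -t only checks that the file parses; it says nothing about whether the values match the checklist above. The following audit script is an added example, not part of the original post: it reads an sshd_config the way sshd does (keywords are case-insensitive, the first occurrence of a keyword wins, and settings inside a Match block are conditional, so parsing stops there) and reports every directive that differs from the snippet above. The sample config embedded at the bottom is constructed for the example.

```python
"""Audit sshd_config policy values; sshd -t checks only syntax.
Added example, not from the original post. Like sshd: keywords are
case-insensitive, the first occurrence of a keyword wins, and parsing
stops at the first Match block (its settings apply only conditionally)."""
LOG_LEVELS = ["QUIET", "FATAL", "ERROR", "INFO", "VERBOSE", "DEBUG"]
# Expected values, taken from the sshd_config snippet above.
EXPECTED = {"protocol": "2", "permitrootlogin": "no",
            "permitemptypasswords": "no", "clientalivecountmax": "0"}

def parse_sshd_config(text: str) -> dict:
    """Return global settings as lowercase keyword -> value string."""
    settings = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(None, 1)              # "Keyword value" form
        key = parts[0].lower()
        if key == "match":                       # conditional block: stop
            break
        settings.setdefault(key, parts[1].strip() if len(parts) > 1 else "")
    return settings

def audit(settings: dict) -> list:
    """Return findings; an empty list means the config matches the checklist."""
    findings = []
    for key, want in EXPECTED.items():
        got = settings.get(key)
        if got is None or got.lower() != want:
            findings.append(f"{key}: {got!r}, expected {want!r}")
    interval = settings.get("clientaliveinterval", "0")  # 0 = disabled
    if not interval.isdigit() or not 0 < int(interval) <= 300:
        findings.append(f"clientaliveinterval: {interval!r}, expected 1..300")
    level = settings.get("loglevel", "INFO").upper()      # sshd default INFO
    if level not in LOG_LEVELS or LOG_LEVELS.index(level) < LOG_LEVELS.index("INFO"):
        findings.append(f"loglevel: {level!r}, expected INFO or more verbose")
    if not {"allowusers", "denyusers"} & settings.keys():
        findings.append("no AllowUsers/DenyUsers restriction")
    if "banner" not in settings:
        findings.append("banner: not set")
    return findings

# Constructed sample: first PermitRootLogin wins; the Match block is skipped.
SAMPLE = """\
PermitRootLogin yes
PermitRootLogin no
Protocol 2
ClientAliveInterval 0
LogLevel QUIET
Match User backup
    PermitEmptyPasswords yes
"""
```

On a live host, run audit(parse_sshd_config(open("/etc/ssh/sshd_config").read())) and fix each finding before restarting sshd.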

SSH allows administrators to set an idle timeout interval

Find ClientAliveInterval and set to 300 (5 minutes) as follows:
# vi /etc/ssh/sshd_config
ClientAliveInterval 300
ClientAliveCountMax 0

Save and close the file. Restart sshd:
# service sshd restart

Running a remote command
# ssh username@host 'command1; command2'
Quote the command string: an unquoted ; ends the local ssh command line, so command2 would run on the local machine instead of on host.

Allow SSH without a password
Server: the machine that logs in to the other system without a password
Client: the machine that accepts the user from the server without a password

Server configuration (run on the machine that will log in)
# ssh-keygen -t dsa
# cd ~/.ssh
# ssh root@server 'mkdir -p ~/.ssh && cat >> ~/.ssh/authorized_keys' < id_dsa.pub
Appending with cat keeps any keys already present on the remote side; copying with scp id_dsa.pub root@server:~/.ssh/authorized_keys would overwrite the whole file. Note that current OpenSSH releases disable DSA (ssh-dss) keys by default, so on those systems generate the key with -t ed25519 or -t rsa instead.
