Install
Here is how to install it (Debian):

    apt-get install ssh

Client
The ssh client configuration is in /etc/ssh/ssh_config. It is recommended to change the 'Protocol' line so that only Protocol 2 is used, since Protocol 1 is considered insecure:

    Protocol 2

I would recommend PuTTY Tray if you are connecting from Windows. You can also download sample registry sessions here.

Server
The SSH daemon configuration file can be found in /etc/ssh/sshd_config.

Disable SSH connections on IPv6:

    # default
    #AddressFamily any
    # IPv4 only
    AddressFamily inet
    # IPv6 only
    #AddressFamily inet6

To allow access only for some users, add this line:

    AllowUsers userA userB

However, consider managing this at the user group level:

    AllowGroups sshusers

It is recommended to prohibit root login:

    PermitRootLogin no

Configure the idle logout timeout interval (in seconds):

    # Sets a timeout interval in seconds after which if no data has
    # been received from the client, sshd will send a message through
    # the encrypted channel to request a response from the client. The
    # default is 0, indicating that these messages will not be sent to
    # the client.
    ClientAliveInterval 300

    # Sets the number of client alive messages (see above) which may be sent
    # without sshd receiving any messages back from the client. If this
    # threshold is reached while client alive messages are being sent, sshd
    # will disconnect the client, terminating the session.
    ClientAliveCountMax 0

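As an added example (not part of the original post), the Python sketch below checks the global section of an sshd_config for the Server settings listed above. The function names and the sample config are constructed for illustration. It also flags ClientAliveCountMax 0, because on OpenSSH 8.2 and later that value disables disconnection instead of enforcing a timeout.

```python
# Added example: audits the global section of an sshd_config text.
# SAMPLE is constructed for illustration, not taken from a real host.
SAMPLE = """\
#AddressFamily any
AddressFamily inet
PermitRootLogin no
permitrootlogin yes
AllowGroups sshusers
ClientAliveInterval 300
ClientAliveCountMax 0
Match User backup
    PermitRootLogin yes
"""

def parse_global(text):
    """Map lowercased keyword -> value for the lines before the first Match.

    sshd treats keywords case-insensitively and uses the first value it
    obtains for a keyword, so later duplicates are ignored here too.
    """
    settings = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        key, *rest = line.split(None, 1)
        if key.lower() == "match":
            break  # everything below applies only conditionally
        settings.setdefault(key.lower(), rest[0].strip() if rest else "")
    return settings

def audit(text):
    """Return findings; an empty list means every check passed."""
    cfg = parse_global(text)
    findings = []
    if cfg.get("addressfamily", "any").lower() != "inet":
        findings.append("AddressFamily is not inet: IPv6 is not disabled")
    if cfg.get("permitrootlogin", "").lower() != "no":
        findings.append("PermitRootLogin is not set to no")
    if "allowusers" not in cfg and "allowgroups" not in cfg:
        findings.append("no AllowUsers/AllowGroups restriction")
    # Assumes plain seconds, as in the settings above.
    if int(cfg.get("clientaliveinterval", "0")) <= 0:
        findings.append("ClientAliveInterval is 0: no alive messages are sent")
    elif int(cfg.get("clientalivecountmax", "3")) == 0:
        findings.append("ClientAliveCountMax 0: OpenSSH 8.2 and later "
                        "never disconnect on missed alive messages")
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print("FINDING:", finding)
```

On a live host, sshd -t checks the configuration file for validity and sshd -T prints the effective settings.
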
Secure Server
To let other people ssh to your machine you need to adjust /etc/hosts.allow:

    # let everyone connect to you
    sshd: ALL
    # OR you can restrict it to a certain IP
    sshd: 192.168.0.1
    # OR restrict for an IP range
    sshd: 10.0.0.0/255.255.255.0
    # OR restrict for an IP match
    sshd: 192.168.1.

With the allow rules in place, we need to prohibit everyone else in /etc/hosts.deny:

    ALL: ALL: DENY

Restart the sshd daemon (Debian):

    /etc/init.d/ssh restart

That's it. You can read more about ssh here. Best practices for securing ssh are here.