InstallHere is how to install it (Debian):
apt-get install ssh
ClientThe ssh client configuration is in /etc/ssh/ssh_config. It recommended to change 'Protocol' line to (Only Protocol 2 will be used, since Protocol 1 is considered insecure):
Protocol 2I would recommend you PuTTY Tray if you are connecting from Windows. You can also download sample registry sessions here.
ServerThe SSH daemon configuration file can be found in /etc/ssh/sshd_config.
Disable SSH connections on ipv6:
#AddressFamily any # default AddressFamily inet # IPv4 only #AddressFamily inet6 # IPv6 onlyTo allow access only for some users add this line:
AllowUsers userA userBHowever consider manage this at user group level:
AllowGroups sshusersIt is recommended prohibit root login:
PermitRootLogin noConfigure idle log out timeout interval (in seconds):
# Sets a timeout interval in seconds after which if no data has # been received from the client, sshd will send a message through # the encrypted channel to request a response from the client. The # default is 0, indicating that these messages will not be sent to # the client. ClientAliveInterval 300 # Sets the number of client alive messages (see above) which may be sent # without sshd receiving any messages back from the client. If this # threshold is reached while client alive messages are being sent, sshd # will disconnect the client, terminating the session. ClientAliveCountMax 0
Secure ServerTo let other people ssh to your machine you need to adjust /etc/hosts.allow:
# let everyone connect to you sshd: ALL # OR you can restrict it to a certain ip sshd: 192.168.0.1 # OR restrict for an IP range sshd: 10.0.0.0/255.255.255.0 # OR restrict for an IP match sshd: 192.168.1.So with allowed rules we need prohibit everyone else /etc/hosts.deny:
ALL: ALL: DENYRestart sshd deamon (Debian):
/etc/init.d/ssh restartThat's it. You can read more about ssh here. Best practices securing ssh are here.