SSH 22
SSH (Secure Shell) is a program for logging in to a remote machine and for executing commands on it. It is a replacement for the rlogin, telnet and rsh protocols. SSH provides secure, encrypted communication between two untrusted hosts over a network.
Package Name : openssh
Daemon Name : sshd
Log file : /var/log/secure
Configuration file : /etc/ssh/sshd_config
===============================================================================================
How to configure SSH service.
1> #yum install openssh
2> #service sshd restart
3> #vim /etc/ssh/sshd_config
i. Disable root login
PermitRootLogin no
ii. Close unauthenticated sessions (the connection is closed automatically if the password is not provided within this time)
LoginGraceTime 1m (1 minute)
iii. Maximum number of password attempts
MaxAuthTries 2
iv. Maximum number of sessions (per network connection)
MaxSessions 6
v. Allow SSH on a particular interface
ListenAddress 192.168.0.130
You can verify this using
#netstat -tnulp | grep sshd
vi. Disable graphical (X11) access
X11Forwarding no
vii. Deny SSH to particular users/groups
Add the lines
DenyUsers alex xyz
DenyGroups hr web
viii. Set an SSH banner
Banner /etc/banner (any file name; add the message to that file)
Note : You can configure any of the above options; it is not necessary to set all of them.
4> #service sshd restart
5> #chkconfig sshd on
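One way to check a server against the options in step 3, as an added example that is not part of the original post; the function name audit_sshd_config and the sample input are assumptions made for illustration. It covers the five single-valued options, reads the file the way sshd does (keywords are case-insensitive, the first value wins) and stops at the first Match block.

```sh
# Added example: audit an sshd_config-style file against the values used in this post.
# Usage: audit_sshd_config FILE (stdin when FILE is omitted); returns the number of findings.
audit_sshd_config() {
    awk '
    # LoginGraceTime accepts "60", "60s" or "1m"; compare those as seconds.
    function norm(k, v) {
        if (k != "logingracetime") return v
        if (v ~ /^[0-9]+m$/)  return (v + 0) * 60
        if (v ~ /^[0-9]+s?$/) return v + 0
        return v
    }
    BEGIN {
        FS = "[ \t=]+"                     # keyword and value are split by blanks or "="
        want["permitrootlogin"] = "no"     # values taken from step 3 of the post
        want["logingracetime"]  = "1m"
        want["maxauthtries"]    = "2"
        want["maxsessions"]     = "6"
        want["x11forwarding"]   = "no"
    }
    { sub(/^[ \t]+/, "") }                 # drop indentation so $1 is the keyword
    /^#/ || NF == 0 { next }               # skip comments and blank lines
    tolower($1) == "match" { exit }        # Match blocks only apply conditionally
    {
        key = tolower($1)                  # keywords are case-insensitive
        if (!(key in val)) val[key] = tolower($2)   # sshd keeps the first value it reads
    }
    END {
        for (k in want) {
            if (!(k in val)) {
                printf "MISSING %s (built-in default applies)\n", k; bad++
            } else if (norm(k, val[k]) != norm(k, want[k])) {
                printf "DIFFERS %s is %s, post uses %s\n", k, val[k], want[k]; bad++
            }
        }
        exit bad + 0
    }' "${1:--}"
}

# Constructed sample input, not a real server configuration.
audit_sshd_config <<'EOF' || echo "$? finding(s)"
PermitRootLogin yes
permitrootlogin no
LoginGraceTime 60
MaxAuthTries 2
X11Forwarding no
Match User alex
    MaxSessions 6
EOF
```

The function also accepts the output of sshd -T (run as root), which prints the effective configuration, on standard input.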
===============================================================================================
Extra :
1> Remote access
#ssh 192.168.122.130
Note :
i. The first time you access a remote machine, ssh saves its authentication key and then asks for the password. On the second and later connections it asks only for the password.
ii. It saves the public key of the remote machine in
/root/.ssh/known_hosts
iii. Each user has their own public key under
/home/user/.ssh
iv. When you connect with ssh, by default it tries to log in as the same user you are logged in as locally. For example, if you are logged in as xyz, ssh tries to log in as xyz on the remote machine.
2> Log in as a particular user
#ssh alex@192.168.0.130
Or
#ssh -l alex 192.168.0.130
3> Directly execute a command on the remote machine.
#ssh user@host "free -m"
4> Run a graphical command
#ssh -X user@host (graphics enabled)
e.g. #firefox