SSH 22

SSH (Secure Shell) is a program for logging in to a remote machine and for executing commands on it. It is a replacement for the rlogin, telnet and rsh protocols. SSH provides secure, encrypted communication between two untrusted hosts over a network.

Package name : openssh
Daemon name : sshd
Log file : /var/log/secure
Configuration file : /etc/ssh/sshd_config

===============================================================================================
How to configure SSH service.

1> #yum install openssh

2> #service sshd restart

3> #vim /etc/ssh/sshd_config

i. Disable root login
PermitRootLogin no

ii. Close unused sessions (the session is closed automatically if the password is not provided within this time; 1m = 1 minute)
LoginGraceTime 1m

iii. Maximum number of password attempts
MaxAuthTries 2

iv. Maximum number of sessions per connection
MaxSessions 6

v. Allow SSH only on a particular interface
ListenAddress 192.168.0.130

You can verify this using
#netstat -tnulp | grep sshd

vi. Disable graphical access (X11 forwarding)
X11Forwarding no

vii. Deny SSH to particular users/groups
Add the lines
DenyUsers alex xyz
DenyGroups hr web

viii. Set an SSH banner (any file name can be used; put the message in that file)
Banner /etc/banner

Note : You can configure any number of the options above; it is not necessary to set all of them.

4> #service sshd restart

5> #chkconfig sshd on
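
Added example (not part of the original post): a small Python check that reads an sshd_config the way sshd does, where keywords are case-insensitive and the first occurrence of a keyword wins, and reports settings that differ from the values in step 3. The sample file and the function names are constructed for illustration.

```python
import re

# Values from step 3 above; the numeric ones are treated as upper bounds.
EXPECTED = {"permitrootlogin": "no", "x11forwarding": "no"}
LIMITS = {"logingracetime": 60, "maxauthtries": 2, "maxsessions": 6}
UNITS = {"": 1, "s": 1, "m": 60, "h": 3600, "d": 86400, "w": 604800}
# Constructed sample: hardening lines were appended below older settings.
SAMPLE = ("Port 22\nPermitRootLogin yes\nLoginGraceTime 2m\nMaxAuthTries 2\n"
          "X11Forwarding no\nPermitRootLogin no\nLoginGraceTime 1m\nMaxSessions 6\n")

def seconds(value):
    """Convert sshd time formats such as 60, 1m or 1h30m to seconds."""
    parts = re.findall(r"(\d+)([smhdw]?)", value.lower())
    if not parts or "".join(n + u for n, u in parts) != value.lower():
        raise ValueError(value)
    return sum(int(n) * UNITS[u] for n, u in parts)

def effective(text):
    """Global settings as sshd reads them: first occurrence wins, stop at Match."""
    cfg = {}
    for line in (raw.strip() for raw in text.splitlines()):
        if not line or line.startswith("#"):
            continue
        parts = re.split(r"[\s=]+", line, maxsplit=1)
        if parts[0].lower() == "match":
            break
        cfg.setdefault(parts[0].lower(), parts[1] if len(parts) > 1 else "")
    return cfg

def audit(text):
    """Return findings; an empty list means the file matches step 3."""
    cfg, findings = effective(text), []
    for key, want in EXPECTED.items():
        got = cfg.get(key, "unset")
        if got.lower() != want:
            findings.append(f"{key}: {got} (want {want})")
    for key, limit in LIMITS.items():
        got = cfg.get(key, "")
        try:
            n = seconds(got) if key == "logingracetime" else int(got)
        except ValueError:
            findings.append(f"{key}: unset or invalid ({got!r})")
            continue
        if not 0 < n <= limit:  # LoginGraceTime 0 means no time limit
            findings.append(f"{key}: {n} (want 1..{limit})")
    return findings

if __name__ == "__main__":
    print("\n".join(audit(SAMPLE)) or "no findings")
```

In the sample, the appended "PermitRootLogin no" and "LoginGraceTime 1m" have no effect because earlier lines already set those keywords, so edit the existing lines instead of appending new ones.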

===============================================================================================

Extra :

1> Remote access

#ssh 192.168.122.130

Note :
i. The first time you access a remote machine, ssh saves its authentication key and then asks for the password. On the second and later connections it only asks for the password.

ii. It saves the public key of the remote machine in
/root/.ssh/known_hosts

iii. Each user has its own public keys in
/home/user/.ssh

iv. When you connect over ssh, by default it tries to log in as the same user you are currently logged in as. That is, if you are logged in as xyz, ssh also tries to log in as xyz on the remote machine.

2> Log in as a particular user

#ssh user@host

Or

#ssh -l alex 192.168.0.130

3> Directly execute a command on the remote machine
#ssh user@host "free -m"

4> Run a graphical command
#ssh -X user@host (graphics enabled)
e.g. #firefox
