Ero sivun ”Ssh/en” versioiden välillä
(Ak: Uusi sivu: == Authentication using keys ==) |
(Ak: Uusi sivu: Allow user matti to log in using SSH.) |
||
| Rivi 68: | Rivi 68: | ||
| − | + | Allow user matti to log in using SSH. | |
AllowUsers matti | AllowUsers matti | ||
Versio 1. heinäkuuta 2015 kello 05.24
SSH is a practical remote control service for Linux.
SSH (Secure Shell) is also a protocol, but in this article we cover the apt package named ssh.
Sisällysluettelo
Installation
We install the ssh package with aptitude.
aptitude install ssh
Configuration
/etc/ssh/sshd_config
In this file you will find the important configurations of the ssh server.
We modify it with nano.
nano /etc/ssh/sshd_config
Port (TCP, UDP) is defined with a number (22 by default).
Port 22
Login timeout, defined as seconds (120 by default).
LoginGraceTime 120
We allow or prevent logging as the root user while using SSH. Define "yes" or "no" (yes by default). It is highly recommended that you prevent logging into root while using SSH.
PermitRootLogin yes
The total amount of unauthenticated connections allowed. Defined [at least]:[probability%]:[at most] (probability% grows linearly, as we approach the highest amount [at most])
MaxStartups 10:30:60
When uncommented (without '#' preceding the line), this prints a message as a user logs in (after inputting the username).
Banner /etc/issue.net
You can modify the message using nano.
nano /etc/issue.net
Message displayed after login:
nano /etc/motd
Default message:
The programs included with the Debian GNU/Linux system are free software; the exact distribution terms for each program are described in the individual files in /usr/share/doc/*/copyright. Debian GNU/Linux comes with ABSOLUTELY NO WARRANTY, to the extent permitted by applicable law.
In the end we apply the modified configuration by restarting the ssh service.
service ssh restart
It is recommended to install Fail2ban on an SSH-server, as there are automatic bots out there who will try to force their way inside your SSH server. Fail2ban keeps them out.
Additional settings
Highest amount of sessions per user
MaxSessions 10
Allow user matti to log in using SSH.
AllowUsers matti
Sallitaan tietyn käyttäjän tai käyttäjien kirjautuminen vain tietystä LANista
AllowUsers root@88.148.222.100 AllowUsers root@example.com AllowUsers root@192.168.*.* Tässä esimerkissä kaikki osoitteesta 192.168.0.0/16 pääsee sisälle
Estä käyttäjää paavo kirjautumaan SSH yhteydellä.
DenyUsers
Allow users in a group to log in with SSH.
AllowGroups Admins
Prevent users in a group to log in with SSH.
DenyGroups
