Mainos / Advertisement:

Ero sivun ”Ssh/en” versioiden välillä

Kohteesta Taisto
Siirry navigaatioon Siirry hakuun
(Ak: Uusi sivu: Message displayed after login:)
 
(14 välissä olevaa versiota samalta käyttäjältä ei näytetä)
Rivi 44: Rivi 44:
 
  [[nano]] /etc/motd
 
  [[nano]] /etc/motd
  
Oletusviesti:
+
Default message:
  
 
  The programs included with the Debian GNU/Linux system are free software;
 
  The programs included with the Debian GNU/Linux system are free software;
Rivi 55: Rivi 55:
  
  
Lopuksi otetaan muokattu konfiguraatio käyttöön käynnistämällä ssh palvelu uudestaan.
+
In the end we apply the modified configuration by restarting the ssh service.
  
 
  service ssh restart
 
  service ssh restart
  
Suositus on asentaa [[Fail2ban]] SSH-palvelimelle, sillä automaattisia botteja on olemssa ja yrittää hyökätä SSH palvelimiin.
+
It is recommended to install [[Fail2ban]] on an SSH-server, as there are automatic bots out there who will try to force their way inside your SSH server. [[Fail2ban]] keeps them out.
  
== Lisäasetukset ==
+
== Additional settings ==
  
Salli enintään istuntoja per käyttäjä
+
Highest amount of sessions per user
  
 
   MaxSessions 10
 
   MaxSessions 10
  
  
Salli vain käyttäjää matti kirjautumaan SSH yhteydellä.
+
Allow user matti to log in using SSH.
  
 
   AllowUsers matti
 
   AllowUsers matti
  
Sallitaan tietyn käyttäjän tai käyttäjien kirjautuminen vain tietystä LANista
+
Allow a certain user or users to log in from a specific LAN.
  
 
  AllowUsers root@''88.148.222.100''
 
  AllowUsers root@''88.148.222.100''
 
  AllowUsers root@''example.com''
 
  AllowUsers root@''example.com''
  AllowUsers root@''192.168.*.*'' Tässä esimerkissä kaikki osoitteesta 192.168.0.0/16 pääsee sisälle
+
  AllowUsers root@''192.168.*.*'' in this example everybody from the address space 192.168.0.0/16 are allowed to log in
  
Estä käyttäjää paavo kirjautumaan SSH yhteydellä.
+
Prevent user paavo from logging in with SSH.
  
   DenyUsers
+
   DenyUsers paavo
  
Salli käyttäjäryhmässä olevien käyttäjien kirjautuminen SSH yhteydellä.
+
Allow users in a group to log in with SSH.
  
 
  AllowGroups Admins
 
  AllowGroups Admins
  
Estä käyttäjäryhmässä olevia käyttäjiä kirjautumasta SSH yhteydellä.
+
Prevent users in a group to log in with SSH.
  
 
  DenyGroups
 
  DenyGroups
  
== Autentikointi avainpareilla ==
+
== Authentication using keys ==

Nykyinen versio 1. heinäkuuta 2015 kello 05.25

Muut kielet:
English • ‎suomi

SSH is a practical remote control service for Linux.

SSH (Secure Shell) is also a protocol, but in this article we cover the apt package named ssh.

Installation

We install the ssh package with aptitude.

aptitude install ssh

Configuration

/etc/ssh/sshd_config

In this file you will find the important configurations of the ssh server.

We modify it with nano.

nano /etc/ssh/sshd_config

Port (TCP, UDP) is defined with a number (22 by default).

Port 22

Login timeout, defined as seconds (120 by default).

LoginGraceTime 120

We allow or prevent logging as the root user while using SSH. Define "yes" or "no" (yes by default). It is highly recommended that you prevent logging into root while using SSH.

PermitRootLogin yes

The total amount of unauthenticated connections allowed. Defined [at least]:[probability%]:[at most] (probability% grows linearly, as we approach the highest amount [at most])

MaxStartups 10:30:60

When uncommented (without '#' preceding the line), this prints a message as a user logs in (after inputting the username).

Banner /etc/issue.net

You can modify the message using nano.

nano /etc/issue.net

Message displayed after login:

nano /etc/motd

Default message:

The programs included with the Debian GNU/Linux system are free software;
the exact distribution terms for each program are described in the
individual files in /usr/share/doc/*/copyright.

Debian GNU/Linux comes with ABSOLUTELY NO WARRANTY, to the extent
permitted by applicable law.


In the end we apply the modified configuration by restarting the ssh service.

service ssh restart

It is recommended to install Fail2ban on an SSH-server, as there are automatic bots out there who will try to force their way inside your SSH server. Fail2ban keeps them out.

Additional settings

Highest amount of sessions per user

 MaxSessions 10


Allow user matti to log in using SSH.

 AllowUsers matti

Allow a certain user or users to log in from a specific LAN.

AllowUsers root@88.148.222.100
AllowUsers root@example.com
AllowUsers root@192.168.*.* in this example everybody from the address space 192.168.0.0/16 are allowed to log in

Prevent user paavo from logging in with SSH.

 DenyUsers paavo

Allow users in a group to log in with SSH.

AllowGroups Admins

Prevent users in a group to log in with SSH.

DenyGroups

Authentication using keys

Mainos / Advertisement: