Ero sivun ”Ssh/en” versioiden välillä
(Ak: Uusi sivu: Highest amount of sessions per user) |
|||
(8 välissä olevaa versiota samalta käyttäjältä ei näytetä) | |||
Rivi 68: | Rivi 68: | ||
− | + | Allow user matti to log in using SSH. | |
AllowUsers matti | AllowUsers matti | ||
− | + | Allow a certain user or users to log in from a specific LAN. | |
AllowUsers root@''88.148.222.100'' | AllowUsers root@''88.148.222.100'' | ||
AllowUsers root@''example.com'' | AllowUsers root@''example.com'' | ||
− | AllowUsers root@''192.168.*.*'' | + | AllowUsers root@''192.168.*.*'' in this example everybody from the address space 192.168.0.0/16 are allowed to log in |
− | + | Prevent user paavo from logging in with SSH. | |
− | DenyUsers | + | DenyUsers paavo |
− | + | Allow users in a group to log in with SSH. | |
AllowGroups Admins | AllowGroups Admins | ||
− | + | Prevent users in a group to log in with SSH. | |
DenyGroups | DenyGroups | ||
− | == | + | == Authentication using keys == |
Nykyinen versio 1. heinäkuuta 2015 kello 05.25
SSH is a practical remote control service for Linux.
SSH (Secure Shell) is also a protocol, but in this article we cover the apt package named ssh.
Sisällysluettelo
Installation
We install the ssh package with aptitude.
aptitude install ssh
Configuration
/etc/ssh/sshd_config
In this file you will find the important configurations of the ssh server.
We modify it with nano.
nano /etc/ssh/sshd_config
Port (TCP, UDP) is defined with a number (22 by default).
Port 22
Login timeout, defined as seconds (120 by default).
LoginGraceTime 120
We allow or prevent logging as the root user while using SSH. Define "yes" or "no" (yes by default). It is highly recommended that you prevent logging into root while using SSH.
PermitRootLogin yes
The total amount of unauthenticated connections allowed. Defined [at least]:[probability%]:[at most] (probability% grows linearly, as we approach the highest amount [at most])
MaxStartups 10:30:60
When uncommented (without '#' preceding the line), this prints a message as a user logs in (after inputting the username).
Banner /etc/issue.net
You can modify the message using nano.
nano /etc/issue.net
Message displayed after login:
nano /etc/motd
Default message:
The programs included with the Debian GNU/Linux system are free software; the exact distribution terms for each program are described in the individual files in /usr/share/doc/*/copyright. Debian GNU/Linux comes with ABSOLUTELY NO WARRANTY, to the extent permitted by applicable law.
In the end we apply the modified configuration by restarting the ssh service.
service ssh restart
It is recommended to install Fail2ban on an SSH-server, as there are automatic bots out there who will try to force their way inside your SSH server. Fail2ban keeps them out.
Additional settings
Highest amount of sessions per user
MaxSessions 10
Allow user matti to log in using SSH.
AllowUsers matti
Allow a certain user or users to log in from a specific LAN.
AllowUsers root@88.148.222.100 AllowUsers root@example.com AllowUsers root@192.168.*.* in this example everybody from the address space 192.168.0.0/16 are allowed to log in
Prevent user paavo from logging in with SSH.
DenyUsers paavo
Allow users in a group to log in with SSH.
AllowGroups Admins
Prevent users in a group to log in with SSH.
DenyGroups