Skills of using SSH

2025-01-31 Update From: SLTechnology News&Howtos

Shulou(Shulou.com)06/01 Report--

The ssh server configuration file is /etc/ssh/sshd_config

1 Port 22: change the port that sshd listens on

2 Protocol 2: only SSH protocol version 2 is allowed

3 PermitRootLogin no: root may not log in through ssh. Instead, create an ordinary user natasha with no special privileges of its own, make sure it belongs to the wheel group, and log in through ssh as that user.

4 AllowUsers natasha: only the user natasha may log in through ssh

5 ssh-keygen -t dsa: creates a DSA key pair (private key ~/.ssh/id_dsa, public key ~/.ssh/id_dsa.pub). Copy the contents of the public key into the ~/.ssh/authorized_keys file on the other machine. (Current OpenSSH releases no longer accept DSA keys by default; an Ed25519 or RSA key pair is created and installed the same way.)

chmod 600 ~/.ssh/authorized_keys restricts the permissions on this file.

Uncomment the following three lines in sshd_config:

RSAAuthentication yes

PubkeyAuthentication yes (together with disabling password login, this allows only key-based authentication)

AuthorizedKeysFile %h/.ssh/authorized_keys
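As an added example (not from the original article), the following Python script audits an sshd_config against the directives discussed above. It reproduces two sshd parsing rules that matter for hardening: keywords are case-insensitive, and when a keyword appears more than once sshd honours the first occurrence, so a "PermitRootLogin no" appended at the end of a file that already says "yes" changes nothing. The sample configuration and the assumed OpenSSH defaults are constructed for the example.

```python
import re

# Hardening baseline from the article: (keyword, assumed OpenSSH default when
# absent, accepted values). None means "must be set, any value is fine".
# Assumption: a reasonably modern OpenSSH (older releases defaulted
# PermitRootLogin to yes, which would make the finding below more severe).
BASELINE = [
    ("protocol",             "2",                 {"2"}),
    ("permitrootlogin",      "prohibit-password", {"no"}),
    ("pubkeyauthentication", "yes",               {"yes"}),
    ("allowusers",           "",                  None),
]

def parse_sshd_config(text):
    """Return {keyword_lower: value} using sshd's first-occurrence rule.
    Parsing stops at the first Match block, whose directives are conditional."""
    settings = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()      # drop comments and blanks
        if not line:
            continue
        m = re.match(r"([A-Za-z0-9]+)(?:\s*=\s*|\s+)(.*)", line)
        if not m:
            continue
        key, value = m.group(1).lower(), m.group(2).strip()
        if key == "match":
            break
        settings.setdefault(key, value)         # first occurrence wins
    return settings

def audit(text):
    """Return a list of findings; an empty list means the file meets the baseline."""
    s = parse_sshd_config(text)
    findings = []
    for key, default, allowed in BASELINE:
        value = s.get(key, default)
        if allowed is None:
            if not value:
                findings.append(f"{key}: not set, so every local account may log in over ssh")
        elif value.lower() not in allowed:
            findings.append(f"{key}: is '{value}', expected one of {sorted(allowed)}")
    if s.get("port", "22") == "22":
        findings.append("port: still the default 22")
    return findings

# Constructed sample: the second PermitRootLogin line is ignored by sshd.
SAMPLE = """\
Port 22
Protocol 2
PermitRootLogin yes
PubkeyAuthentication no      # key authentication disabled
AuthorizedKeysFile %h/.ssh/authorized_keys
PermitRootLogin no           # too late: sshd already took 'yes'
Match User backup
    PermitRootLogin no
"""

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(finding)
```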

6 TCP wrappers: allow connections only from specified hosts

Adding "sshd: ALL" to /etc/hosts.deny denies the ssh service to all hosts.

Adding "sshd: 192.168.1. 192.180.177.13" to /etc/hosts.allow then allows the 192.168.1.0 network segment and 192.168.177.13 to use the ssh service (the trailing dot marks a network prefix).

7 Use iptables to allow connections only from specific hosts

iptables -A INPUT -p tcp -m state --state NEW --source 193.180.177.13 --dport 22 -j ACCEPT allows one specific host to connect to your ssh service.

iptables -A INPUT -p tcp --dport 22 -j DROP ensures that no other host can reach the ssh service.

8 SSH time lock (rate-limiting new connections with iptables)

In the first example, a client that enters the wrong password is locked out of the SSH service for a minute, because only one new connection per minute is accepted:

# iptables -A INPUT -p tcp --syn -m state --state NEW --dport 22 -m limit --limit 1/minute --limit-burst 1 -j ACCEPT

# iptables -A INPUT -p tcp --syn -m state --state NEW --dport 22 -j DROP

In the second example, iptables is set to allow only the host 193.180.177.13 to connect to the SSH service; after three failed login attempts, iptables lets that host try to log in once a minute:

# iptables -A INPUT -p tcp -s 193.180.177.13 --syn -m state --state NEW --dport 22 -m limit --limit 1/minute --limit-burst 1 -j ACCEPT

# iptables -A INPUT -p tcp -s 193.180.177.13 --syn -m state --state NEW --dport 22 -j DROP

© 2024 shulou.com SLNews company. All rights reserved.
