ssh (secure shell)
- service name : sshd
- log file
    /var/log/secure*
    /var/log/audit/audit.log
- default configuration files and ssh ports
    /etc/ssh/sshd_config --> openssh server configuration file
    /etc/ssh/ssh_config --> openssh client configuration file
    ~/.ssh/ --> user ssh configuration directory
    ~/.ssh/authorized_keys --> lists public keys (RSA or DSA) that can be used to log into the user's account
    /etc/nologin --> if the file exists, sshd refuses to let anyone except root log in
    /etc/hosts.allow
    /etc/hosts.deny --> these two files are the access control lists enforced by tcp-wrappers
- ssh default port --> tcp:22
- examples of using tcp wrappers for sshd
    allow ssh only from 192.168.1.2 and 172.16.23.12
    put these lines in /etc/hosts.allow
        sshd : 192.168.1.2 172.16.23.12
        vsftpd : ALL
    put this line in /etc/hosts.deny
        ALL : ALL
- enable warning banner
    put this line in /etc/ssh/sshd_config
        Banner /etc/banner (the file named banner must exist in /etc)
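
How the hosts.allow / hosts.deny pair above is evaluated, as an added example that is not part of the original notes: hosts.allow is checked first, then hosts.deny, and a client that matches neither is allowed. The function names, the temporary files and the 10.0.0.5 test client are constructed for illustration, and the matcher is deliberately simplified to literal IPv4 addresses and the ALL wildcard.

```shell
#!/bin/sh
# Simplified hosts_access(5) evaluation: literal IPv4 addresses and the ALL
# wildcard only (no netmasks, hostnames, EXCEPT, or IPv6).

# match_rule FILE DAEMON CLIENT -> succeeds if any "daemons : clients" line matches
match_rule() {
    [ -r "$1" ] || return 1
    awk -F: -v d="$2" -v c="$3" '
        /^[ \t]*(#|$)/ { next }                      # skip comments and blanks
        {
            nd = split($1, daemons, /[ \t,]+/)
            nc = split($2, clients, /[ \t,]+/)
            dm = 0; cm = 0
            for (i = 1; i <= nd; i++) if (daemons[i] == d || daemons[i] == "ALL") dm = 1
            for (i = 1; i <= nc; i++) if (clients[i] == c || clients[i] == "ALL") cm = 1
            if (dm && cm) { found = 1; exit }
        }
        END { exit(found ? 0 : 1) }
    ' "$1"
}

# wrappers_decision DAEMON CLIENT ALLOW_FILE DENY_FILE -> prints allow or deny
wrappers_decision() {
    if match_rule "$3" "$1" "$2"; then echo allow      # hosts.allow is checked first
    elif match_rule "$4" "$1" "$2"; then echo deny     # then hosts.deny
    else echo allow                                    # no match in either file
    fi
}

# Constructed copies of the two files from the example above.
demo=$(mktemp -d)
printf 'sshd : 192.168.1.2 172.16.23.12\nvsftpd : ALL\n' > "$demo/hosts.allow"
printf 'ALL : ALL\n' > "$demo/hosts.deny"

for pair in "sshd 192.168.1.2" "sshd 172.16.23.12" "sshd 10.0.0.5" "vsftpd 10.0.0.5"; do
    set -- $pair
    printf '%-7s %-13s %s\n' "$1" "$2" \
        "$(wrappers_decision "$1" "$2" "$demo/hosts.allow" "$demo/hosts.deny")"
done
rm -rf "$demo"
```

Without the ALL : ALL line in hosts.deny, the sshd entry in hosts.allow restricts nothing, because unmatched clients fall through to allow. The files are only consulted when sshd is linked against libwrap, which running ldd on the sshd binary will show.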