Monday, February 20, 2012

SSH Server Configuration with Advanced Options


Introduction:-
ssh is a program for logging into a remote machine and for executing commands on a remote machine. It is intended to replace rlogin and rsh, and provide secure encrypted communications between two untrusted hosts over an insecure network. The ssh client connects and logs into the specified host name. The user must provide his identity to the remote machine as specified in the sshd_config file, which can usually be found in the /etc/ssh directory.

Prerequisites:-
  • Configure Server IP – 192.168.1.1 & Hostname = server.rootuser.in
  • Configure Client IP – 192.168.1.10 & Hostname = client.rootuser.in
  • The firewall should be off on the server.
SSH Server Side Configuration:-
1] Three packages are required to configure the SSH server.
[root@server ~]# yum install openssh-server portmap xinetd

2] Now start the sshd, xinetd and portmap services.
[root@server ~]# service sshd start
[root@server ~]# service xinetd start
[root@server ~]# service portmap start

3] Now make these services start automatically after reboot by using the chkconfig command.
[root@server ~]# chkconfig --level 235 sshd on
[root@server ~]# chkconfig --level 235 xinetd on
[root@server ~]# chkconfig --level 235 portmap on

4] Create new users.
[root@server ~]# useradd anup
[root@server ~]# passwd anup
[root@server ~]# useradd shubham
[root@server ~]# passwd shubham

SSH Client Side Configuration:-
1] Check communication with server.
[root@client ~]# ping 192.168.1.1

2] Now connect to the SSH server using the ssh command with the root username & password.
[root@client ~]# ssh root@192.168.1.1

Advanced SSH Server Configuration:-
  • Block root login over ssh. By default the root user is able to log in through ssh.
1] Edit the option in the main configuration file.
[root@server ~]# vi /etc/ssh/sshd_config
From - #PermitRootLogin yes --> PermitRootLogin no
    • Save the file, restart the sshd service and try to log in from the client as root.
2] Change the default port number (22) of the ssh service.
[root@server ~]# vi /etc/ssh/sshd_config [ Remove the old port number from the following line & add the new one. ]
# What ports, IPs and protocols we listen for
From - Port 22 --> Port 2705
[root@server ~]# service sshd restart
    • To log in with the new port number we have to use the -p option with the new port number.
[root@client ~]# ssh root@192.168.1.1 -p 2705

3] SSH logins can be limited to only certain users who need remote access.
[root@server ~]# vi /etc/ssh/sshd_config [ Add the following line at the end of the file. ]
AllowUsers anup shubham
:wq

4] Disconnect after 3 invalid login attempts.
[root@server ~]# vi /etc/ssh/sshd_config [ Edit the following line & restart the sshd service ]
From:- #MaxAuthTries 6 To:- MaxAuthTries 3
:wq

5] Restrict SSH access by IP address/hostname.
[root@server ~]# vi /etc/hosts.deny [ Insert one of the following lines at the end of the file ]
sshd: 192.168.1.10
or, by hostname:
sshd: client.rootuser.in
:wq
[root@server ~]# service sshd restart
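As an added example (not part of the original post), a small POSIX shell audit of the four sshd_config settings changed in steps 1 to 4 above. sshd takes the first active value of each keyword and matches keyword names case-insensitively, so a line left commented out, or a duplicate lower down, silently keeps the shipped default; the two sample configs are constructed inline and the function and file names are this example's own.

```shell
#!/bin/sh
# Added example, not from the original post: check an sshd_config for the
# PermitRootLogin, Port, AllowUsers and MaxAuthTries hardening settings.

# Print the effective value of keyword $2 in file $1: the first uncommented
# match (everything after the keyword), or the default $3 when never set.
sshd_effective() {
    val=$(awk -v k="$2" '
        /^[[:space:]]*#/ || /^[[:space:]]*$/ { next }   # skip comments, blanks
        tolower($1) == tolower(k) {                     # first match wins
            $1 = ""; sub(/^[ \t]+/, ""); print; exit
        }' "$1")
    printf '%s\n' "${val:-$3}"
}

# Return 0 when every setting from the post is in place; report each failure.
sshd_audit() {
    f=$1 rc=0
    [ "$(sshd_effective "$f" PermitRootLogin yes)" = no ] ||
        { echo "FAIL: PermitRootLogin is not 'no'"; rc=1; }
    [ "$(sshd_effective "$f" Port 22)" != 22 ] ||
        { echo "FAIL: still listening on port 22"; rc=1; }
    [ -n "$(sshd_effective "$f" AllowUsers "")" ] ||
        { echo "FAIL: AllowUsers not set, any account may log in"; rc=1; }
    [ "$(sshd_effective "$f" MaxAuthTries 6)" -le 3 ] ||
        { echo "FAIL: MaxAuthTries greater than 3"; rc=1; }
    return $rc
}

# Constructed sample: shipped defaults, all commented out (nothing hardened).
stock_cfg=$(mktemp)
cat >"$stock_cfg" <<'EOF'
#Port 22
#PermitRootLogin yes
#MaxAuthTries 6
Subsystem sftp /usr/libexec/openssh/sftp-server
EOF

# Constructed sample: the post's edits applied. The lower-case 'port 22'
# duplicate further down is ignored because the first value wins.
hardened_cfg=$(mktemp)
cat >"$hardened_cfg" <<'EOF'
Port 2705
PermitRootLogin no
MaxAuthTries 3
AllowUsers anup shubham
port 22
EOF

for cfg in "$stock_cfg" "$hardened_cfg"; do
    if sshd_audit "$cfg"; then echo "PASS: $cfg"; fi
done
```

Run it against /etc/ssh/sshd_config on the server after each step to confirm the edit actually took effect rather than being left commented out.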
