--> Pkg     -openssh
    Daemon  -sshd
    Portnum -22
    Files   -/etc/ssh/sshd_config

---> vim /etc/ssh/sshd_config

1. line 13  -> change port num.
   Port  53
   service sshd restart

  client connecting to your machine should connect giving like this
   ssh  -p 53  <server ip>  ,Only then it connects.

2. line 37   -> Allow/stop user to ssh
   AllowUsers  u1
   DenyUsers   u2
   service sshd restart

   This stops a client to connect as u2 and can connect as only u1 user.

3. line 37   -> Allow/stop user to ssh

   AllowGroups  asia
   DenyGroups   america
   service sshd restart

   This stops a client to connect as any members of america, and can connect
   as any member os america.

4. line 38  -> Login grace time.
   LoginGraceTime 1m 
   service sshd restart

   Once you connect to sshserver, you haf to provide password within a min,
   or connection fails.

5. line 39  -> Root login allowed/not-allowed
   PermitRootLogin no
   service sshd restart

   This stops a client to ssh as root user,anb can connect as normal user only

6. line 41  -> Password prompts
   MaxAuthTries 1
   service sshd restart

   Password is prompted only twice within which he has to give right password
   to authenticate.

7. line 96  -> Stop Gui Access

   X11Forwarding no
   service sshd restart

   Thou the client connects to your server using ssh -X <server.ip>, they
   wont be able to connect to GUI of Server

8.  Generating  Public/Private key

--> To generate the key     ->Generates id_dsa, files under .ssh dir
    ssh-keygen  -t   dsa

--> To copy key to client machine   ->copies id_dsa to .ssh of clients machine
    ssh-copy-id  -i   /root/.ssh/id_dsa    <clients.ip>


If you found this post useful, I would really love it, if you can Like the Page, or share it with your Facebook/Google+/Twitter Friends... It will keep me motivated. Thank you!

No comments:

Post a Comment