How to configure the SSH server In Debian

Source: Internet
Author: User
Tags ssh server dns spoofing

In Debian 503, Debian does not seem to support ssh by default.

SSH Installation
Apt-get install openssh-server
Apt-get install ssh
SSH Configuration
OpenSSH configuration is concentrated in the/etc/ssh/ssh_config file.
Edit the "ssh_config" file (vim/etc/ssh/ssh_config) and add or change the following parameters:

# Site-wide defaults for various options
Host *
ForwardAgent no
ForwardX11 no
RhostsAuthentication no
RhostsRSAAuthentication no
RSAAuthentication yes
PasswordAuthentication yes
FallBackToRsh no
UseRsh no
BatchMode no
CheckHostIP yes
StrictHostKeyChecking no
IdentityFile ~ /. Ssh/identity
Port 22
Cipher blowfish
EscapeChar ~

The preceding option settings are described as follows: www.111cn.net

Host *
The "Host" option is only valid for computers that can match the strings below. "*" Indicates all computers.

ForwardAgent no
"ForwardAgent" sets whether the connection is forwarded to a remote computer by a verified proxy (if any.

ForwardX11 no
"ForwardX11" sets whether the X11 connection is automatically redirected to a secure channel and DISPLAY set ).

RhostsAuthentication no
"RhostsAuthentication" sets whether to use rhosts-based security verification.

RhostsRSAAuthentication no
"RhostsRSAAuthentication" sets whether to use the rhosts-based security verification of the RSA algorithm.

RSAAuthentication yes
"RSAAuthentication" sets whether to use the RSA Algorithm for security verification.

PasswordAuthentication yes
"PasswordAuthentication" sets whether to use password verification.

FallBackToRsh no
"FallBackToRsh" sets whether to use rsh automatically if an error occurs during ssh connection.

UseRsh no
"UseRsh" sets whether to use "rlogin/rsh" on this computer ".

BatchMode no
If "BatchMode" is set to "yes", the passphrase/password (Interactive password Input) Prompt will be disabled. This option is useful for script files and batch processing tasks when a password cannot be entered interactively.

CheckHostIP yes
"CheckHostIP" sets ssh to check the IP address of the host connected to the server to prevent DNS spoofing. We recommend that you set it to "yes ".

StrictHostKeyChecking no
If "StrictHostKeyChecking" is set to "yes", ssh will not automatically add the computer's key "$ HOME /. ssh/known_hosts, and the connection is denied once the key of the computer changes.
SSH
# Server configuration/etc/ssh/sshd_config
# Only Protocol Version 2 is considered
# Global configuration
VersionAddendum TecZm-20050505 # in telnet ip 22 can only see the version of openssh, can not see the OS
Protocol 2 # Use Protocol Version 2
Port 22 # sshd listening Port 22
ListenAddress 192.168.7.1 # sshd only listens to requests whose target ip address is 192.168.7.1
AllowGroups wheel myguest # Allow users in the wheel group and myguest group to log on
AllowUsers teczm authen@192.168.8.5 # Allow teczm users and authen users from the above groups to log on,
# Authen users can only log on from host 192.168.8.5
# DenyGroups # login denied group. The parameter settings are the same as those of AllowGroups.
# DenyUsers # users who refuse to log on, with the same parameter settings as AllowUsers
# AllowTcpForwarding yes # Whether the forwarded TCP packets are allowed. The default value is "yes ".
LoginGraceTime 60 # If the client fails to log on within 60 seconds, the logon times out. sshd closes the connection.
KeyRegenerationInterval 1800 #1800 seconds (30 minutes), the server's key is automatically regenerated.
MaxStartups 3 # set the amount of unverified concurrency that occurs simultaneously, that is, there can be several
UseDNS no # Do not use the DNS query client.
PermitRootLogin no # root logon is not allowed. root can be su after logon by a user in the wheel group.
X11Forwarding no # prohibit the user from running the X program on the remote host. I don't have X, so it doesn't matter.
UseLogin yes # disable X11Forwarding
# Authentication configuration (password authentication, PAM Authentication, and asymmetric key authentication)
# Password Authentication
PubkeyAuthentication no # Do not use Asymmetric Key Authentication
PasswordAuthentication yes # Password Authentication
PermitEmptyPasswords no # Do Not Allow users with empty passwords to log on
# PAM Authentication
PasswordAuthentication no # Password Authentication not used
UsePAM # use pam for authentication
ChallengeResponseAuthentication yes # Allow the Challenge Response Method
# Asymmetric Key Authentication
PasswordAuthentication no # Password Authentication not used
PubkeyAuthentication yes # Use Asymmetric Key Authentication
AuthorizedKeysFile. ssh/authorized_keys # public key used for user authentication.

For more details, see: http://www.111cn.net/sys/linux/57339.htm

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.