It Essentials Linux security Koriyuki SSH usage, security, identity authentication and configuration ... "Go"

SSH General purpose

Provide shell to resolve Telnet unsecured transfer

1. Modify the default SSH default port

Vi/etc/ssh/sshd_config

Restart after modification

>systemctl Restart sshd

SSH security and configuration best practices

1, configuration root cannot shh login

> Vi/etc/ssh/sshd_config

After the configuration is complete, restart the SSH service

The connection does not take effect, prompting to reject the password

2. SSH access control (restricted network segment)

Vi/etc/hosts.deny

Reject All

Connection not on

Deny 192.168.1 network segment SSH

This way, only 2 network segments are rejected, so you can connect

3. SSH access Control (limited account)

Vi/etc/ssh/sshd_config

Restrict test and Root login

4, SSH only applicable agreement 2

Vi/etc/ssh/sshd_config

Remove comments, need to restart, only support SSH protocol 2, does not support 1

5. SSH password error number and limit null password

Vi/etc/ssh/sshd_config

Restart Service

6. SSH Restricted Intranet Login

This will only 130ssh log in.

Configuring SSH identity Authentication

Vi/etc/ssh/sshd_config

Systemctl Restart sshd

1. Using public and private keys

Ssh-keygen-t RSA (This is the case with test)

Enter------------password------Confirm password

The first file is a private key

The second file is a public key

Upload test's private key to Test1.

Ssh-copy-id

Enter the test1 password

Successfully uploaded

Switch to Test1

Cd. SSH

Ll

The private key of test was found

At this time we use test to go to the user login test1, need to enter a password, not test1 password

Turn from

It Essentials Linux security Koriyuki SSH usage, security, identity authentication, and configuration ...
http://www.toutiao.com/i6468624808778138125/

It Essentials Linux security Koriyuki SSH usage, security, identity authentication and configuration ... "Go"