Ferramentas de Usuário

Ferramentas de Site


en:wheezy:config:remote_access:ssh_server

2.3.2 Ssh Server

Instlalation

root@server:~# aptitude install openssh-server openssh-client

Configuration

The SSH server configuration is stored in /etc/ssh/sshd_config.

The netword address and port where ssh server accepts connections can be configured. Our server will only accept connections connections to address 192.168.1.100 and port22 and honoring SSH protocol version 2:

/etc/ssh/sshd_config
# Package generated configuration file
# See the sshd_config(5) manpage for details

# What ports, IPs and protocols we listen for
Port 22
# Use these options to restrict which interfaces/protocols sshd will bind to
#ListenAddress ::
#ListenAddress 0.0.0.0
ListenAddress 192.168.1.100
Protocol 2

#[...]

For safety reasons, root logins will be disabled. This will prevent brute force attacks to root password:

/etc/ssh/sshd_config
#[...]

# Authentication:
LoginGraceTime 120
PermitRootLogin no
StrictModes yes

#[...]

Also, no logins with empty passwords are allowed:

/etc/ssh/sshd_config
#[...]

# To enable empty passwords, change to yes (NOT RECOMMENDED)
PermitEmptyPasswords no

#[...]

Restart the service:

root@server:~# /etc/init.d/ssh restart

Verification

Linux Clients

It should now be possible to establish a ssh connection to our server:

The first time you login into a remote server you will be warned that the identity of the host could not be established:

fribeiro@laptop:~$ ssh 192.168.1.100
The authenticity of host '192.168.1.100 (192.168.1.100)' can't be established.
ECDSA key fingerprint is 98:c1:0a:ae:2b:h4:1c:5c:39:10:de:a4:47:5c:d9:83.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '192.168.1.100' (ECDSA) to the list of known hosts.
[email protected]'s password:
Linux server 3.2.0-4-686-pae #1 SMP Debian 3.2.41-2 i686

The programs included with the Debian GNU/Linux system are free software;
the exact distribution terms for each program are described in the
individual files in /usr/share/doc/*/copyright.

Debian GNU/Linux comes with ABSOLUTELY NO WARRANTY, to the extent
permitted by applicable law.
Last login: Sun May  5 21:21:58 2013 from laptop.home.lan

fribeiro@server:~$ logout
Connection to 192.168.1.100 closed.
fribeiro@laptop:~$

root logins are not accepted:

fribeiro@laptop:~$ ssh -l root 192.168.1.100
[email protected]'s password:
Permission denied, please try again.
[email protected]'s password:
Permission denied, please try again.
[email protected]'s password:
Permission denied (publickey,password).

Windows Clients

An excellent choice as a windows based SH client is PuTTY:

Becoming root

Because root logins are disabled, to become root in a ssh session, you must login as a 'regular' unprivileged user and then use su command to change your identity to root:

fribeiro@laptop:~$ ssh 192.168.1.100
[email protected]'s password:
inux server 3.2.0-4-686-pae #1 SMP Debian 3.2.41-2 i686

The programs included with the Debian GNU/Linux system are free software;
the exact distribution terms for each program are described in the
individual files in /usr/share/doc/*/copyright.

Debian GNU/Linux comes with ABSOLUTELY NO WARRANTY, to the extent
permitted by applicable law.
Last login: Wed Oct 27 21:48:09 2013 from laptop.home.lan
fribeiro@server:~$ su - root
Password:
root@server:~#

References

en/wheezy/config/remote_access/ssh_server.txt · Última modificação em: 2024-02-15 01:05 por 127.0.0.1