Secure Shell
From KevinWiki
(Difference between revisions)
| Line 11: | Line 11: | ||
# What ports, IPs and protocols we listen for | # What ports, IPs and protocols we listen for | ||
| - | <span style="color: | + | <span style="color: blue; font-weight: bolder;">Port 22</span> |
e.g) | e.g) | ||
| - | <span style="color: | + | <span style="color: blue; font-weight: bolder;">Port 1234</span> |
| + | *and change the following lines | ||
| + | # Authentication: | ||
| + | LoginGraceTime 120 | ||
| + | <span style="color: blue; font-weight: bolder;">PermitRootLogin yes</span> | ||
| + | StrictModes yes | ||
| + | |||
| + | to like these lines below | ||
| + | # Authentication: | ||
| + | LoginGraceTime 120 | ||
| + | <span style="color: blue; font-weight: bolder;">PermitRootLogin no</span> | ||
| + | StrictModes yes | ||
| + | <span style="color: blue; font-weight: bolder;">AllowUsers username</span> | ||
Revision as of 09:56, 3 October 2008
Contents |
Secure Shell (SSH)
Secure Shell (SSH) is a network protocol which transfers data using a secure channel between two networks.
Change Port Number
- Changing the port number for ssh can be one solution to ignore ssh brute force attack.
- Open
/etc/ssh/sshd_configfile and change the port number.
# Package generated configuration file
# See the sshd(8) manpage for details
# What ports, IPs and protocols we listen for
Port 22
e.g)
Port 1234
- and change the following lines
# Authentication:
LoginGraceTime 120
PermitRootLogin yes
StrictModes yes
to like these lines below
# Authentication: LoginGraceTime 120 PermitRootLogin no StrictModes yes AllowUsers username
Tunneling
-Creating a tunnel through ssh
$ ssh id@<remote machine address> -L <port number on local machine>:<local machine address>:<port on remote machine>
-To forward traffic from port 4881 on the local machine to port 8080 on the remote machine the IP of which is 192.168.0.10.
$ ssh id@192.168.0.10 -L 4881:localhost:8080
-To test a Java web application, running on tomcat server on a remote machine.
$ ssh id@remote.address -L 8080:localhost:8080
SCP
-Copy a file in the 'dir' directory on the remote machine to the directory 'home' on the local machine.
$ scp -pr username@remote_address:dir/file /home/
-p Preserves modification times, access times, and modes from the original file. -r Recursively copy entire directories.
-Copy a file on the local machine to remote machine
$ scp -p localfile remote.address:dir
