Installing the SSH server (sshd)
- Remove the existing OpenSSH installation
- Download and install ssh-3.2.9.1
./configure
make && make install
Create the ssh file
vi /etc/xinetd.d/ssh
service ssh
{
disable = no
flags = REUSE
socket_type = stream
wait = no
user = root
server = /usr/local/sbin/sshd
only_from = 127.0.0.1 192.168.0.0/24
server_args = -i
log_on_failure += USERID
}
Changing the port number
- Default ssh port: TCP 22, UDP 22
vi /etc/services
ssh 30035/tcp # SSH Remote Login Protocol
ssh 30035/udp # SSH Remote Login Protocol
Restricting root access for ssh logins
- PermitRootLogin yes
vi /etc/ssh2/sshd2_config
PermitRootLogin no
Finally, check that the changed port (30035) is open.
netstat -anp | grep 30035
Restricting which users can log in
The syntax is:
DenyUsers user1 user2 user3
Use DenyUsers to block user logins. You can use wildcards as well as a user1@cyberciti.com pattern (user1 is not allowed to log in from the cyberciti.com host).
DenyGroups group1 group2
A list of group names; if one of them is the user's primary or a supplementary group, login access is denied. You can use wildcards. Please note that you cannot use a numeric group or user ID. If these directives are not used, the default is to allow everyone.
Allowing selected users or group explicitly to log in
The syntax is:
AllowUsers user1 user2
This directive is the opposite of the DenyUsers directive, i.e. only user1 and user2 are allowed to log in to the server.
AllowGroups group1 group2
This directive is the opposite of the DenyGroups directive, i.e. only members of group1 and group2 are allowed to log in to the server.
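The four directives above interact, so here is an added example (not from the original post or from OpenSSH itself) that models how OpenSSH's sshd combines them, in the order given in sshd_config(5): DenyUsers, AllowUsers, DenyGroups, then AllowGroups. It goes slightly beyond the text by showing that ordering. The function names and the sample policy are hypothetical, and the host part of a user@host pattern is simplified to a single wildcard pattern.

```python
# Added example: models the order in which OpenSSH's sshd evaluates
# DenyUsers, AllowUsers, DenyGroups and AllowGroups. Not OpenSSH code.
import re


def wildcard_match(pattern, value):
    """Match with only the '*' and '?' wildcards; everything else is literal."""
    regex = "".join(".*" if c == "*" else "." if c == "?" else re.escape(c)
                    for c in pattern)
    return re.fullmatch(regex, value) is not None


def user_match(pattern, user, host):
    """Match a 'user' or 'user@host' pattern (assumption: one host pattern)."""
    if "@" in pattern:
        user_pat, host_pat = pattern.split("@", 1)
        return wildcard_match(user_pat, user) and wildcard_match(host_pat, host)
    return wildcard_match(pattern, user)


def login_allowed(cfg, user, groups, host):
    """Return (allowed, directive_that_decided) for one login attempt."""
    if any(user_match(p, user, host) for p in cfg.get("DenyUsers", [])):
        return False, "DenyUsers"
    allow_users = cfg.get("AllowUsers", [])
    # Once AllowUsers is set, every user not listed is rejected.
    if allow_users and not any(user_match(p, user, host) for p in allow_users):
        return False, "AllowUsers"

    def group_hit(patterns):
        return any(wildcard_match(p, g) for p in patterns for g in groups)

    if group_hit(cfg.get("DenyGroups", [])):
        return False, "DenyGroups"
    allow_groups = cfg.get("AllowGroups", [])
    if allow_groups and not group_hit(allow_groups):
        return False, "AllowGroups"
    return True, None  # no directive rejected the login


# Constructed sample policy, not taken from the page.
SAMPLE = {
    "DenyUsers": ["user1@cyberciti.com", "test*"],
    "DenyGroups": ["contractors"],
    "AllowGroups": ["admin", "ssh*"],
}

if __name__ == "__main__":
    for user, groups, host in [("user1", ["admin"], "cyberciti.com"),
                               ("user1", ["admin"], "example.org"),
                               ("alice", ["sshusers", "contractors"], "example.org"),
                               ("bob", ["staff"], "example.org")]:
        print(user, host, login_allowed(SAMPLE, user, groups, host))
```

A deny match always wins: alice is in an allowed group (sshusers) but is still rejected because she is also in contractors.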
Reference URL
- http://www.cyberciti.biz/tips/openssh-deny-or-restrict-access-to-users-and-groups.html