[Linux] Installing an SSH server (sshd)

Installing an SSH server (sshd)

- Remove the existing openssh installation
- Download and install ssh-3.2.9.1

./configure
make && make install

Creating the ssh service file

vi /etc/xinetd.d/ssh
service ssh
{
       disable         = no
       flags           = REUSE
       socket_type     = stream
       wait            = no
       user            = root
       server          = /usr/local/sbin/sshd
       only_from       = 127.0.0.1 192.168.0.0/24
       server_args     = -i
       log_on_failure  += USERID
}

Changing the port number

  • Default ssh port: TCP 22, UDP 22
vi /etc/services
ssh             30035/tcp                            # SSH Remote Login Protocol
ssh             30035/udp                            # SSH Remote Login Protocol

Restricting root access over ssh

  • PermitRootLogin yes
vi /etc/ssh2/sshd2_config
PermitRootLogin no

Finally, check that the changed port (30035) is open.

netstat -anp | grep 30035

Restricting which users can log in

The syntax is:

DenyUsers user1 user2 user3
Use DenyUsers to block user logins. You can use wildcards as well as the user1@cyberciti.com pattern (user1 is not allowed to log in from the cyberciti.com host).

DenyGroups group1 group2

A list of group names. If a user is a member of one of these groups, as primary or supplementary group, login access is denied. You can use wildcards. Please note that you cannot use a numeric group or user ID. If these directives are not used, the default is to allow everyone.

 

Allowing selected users or group explicitly to log in

The syntax is:

AllowUsers user1 user2

This directive is the opposite of the DenyUsers directive, i.e. only user1 and user2 are allowed to log in to the server.

AllowGroups group1 group2

This directive is the opposite of the DenyGroups directive, i.e. only members of group1 and group2 are allowed to log in to the server.
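
The following audit script is an added example, not part of the original page. It checks a config file for the PermitRootLogin setting and the Allow*/Deny* directives described above. It assumes OpenSSH-style "Keyword value" lines, where the first occurrence of a keyword is the one that applies; the function names and the sample config are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original page. Assumes OpenSSH-style
# "Keyword value" lines: keywords are case-insensitive and the first
# occurrence of a keyword in the global section is the one that applies.

# Print the effective value of keyword $2 in config file $1 (empty if unset).
effective_setting() {
    awk -v key="$2" '
        /^[ \t]*#/ { next }                     # skip comment lines
        tolower($1) == "match" { exit }         # Match blocks are conditional
        NF >= 2 && tolower($1) == tolower(key) {
            $1 = ""; sub(/^[ \t]+/, ""); print; exit
        }' "$1"
}

# Print one line per finding; return 1 if anything was found.
audit_sshd_config() {
    cfg=$1
    findings=0
    root=$(effective_setting "$cfg" PermitRootLogin)
    if [ "$(printf '%s' "$root" | tr 'A-Z' 'a-z')" != "no" ]; then
        echo "FAIL: PermitRootLogin is '${root:-unset}', expected 'no'"
        findings=1
    fi
    restricted=0
    for key in DenyUsers DenyGroups AllowUsers AllowGroups; do
        if [ -n "$(effective_setting "$cfg" "$key")" ]; then restricted=1; fi
    done
    if [ "$restricted" -eq 0 ]; then
        echo "FAIL: no Allow*/Deny* directive, logins are not restricted"
        findings=1
    fi
    return "$findings"
}

# Constructed sample: "no" was appended below an existing "yes",
# so the earlier line still wins and the audit reports it.
sample=$(mktemp)
cat > "$sample" <<'EOF'
Port 30035
PermitRootLogin yes
AllowUsers user1 user2
PermitRootLogin no
EOF
audit_sshd_config "$sample" || echo "audit found problems in $sample"
rm -f "$sample"
```

Run it against the config file your sshd actually reads, and edit the existing PermitRootLogin line rather than appending a second one.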

 

Reference URL

- http://www.cyberciti.biz/tips/openssh-deny-or-restrict-access-to-users-and-groups.html

 
