vi /etc/ssh/sshd_config

1. Change the default port (use a non-standard port):
Port <port>

2. Bind to a specific IP (listen only on the internal network / a particular address):
ListenAddress 192.168.1.10

3. Disable root login:
PermitRootLogin no
Administrators log in with their own account and then su to root, or work with sudo.

4. Disallow logins with an empty password:
PermitEmptyPasswords no

5. Set which users and groups may log in:
AllowUsers <user1> <user2> <user3>
AllowGroups <group>
DenyUsers *
DenyGroups no-ssh
Note: when a user matches both an Allow and a Deny directive, Deny wins. Because sshd evaluates DenyUsers before AllowUsers, a literal "DenyUsers *" locks out everyone, including the names in AllowUsers; AllowUsers on its own already rejects anyone not listed.

6. Use key-based authentication and force RSA/DSA key verification:
RSAAuthentication yes
PubkeyAuthentication yes
AuthorizedKeysFile %h/.ssh/authorized_keys
PasswordAuthentication no
Make sure the user's ~/.ssh directory is mode 700 and put the user's public key into ~/.ssh/authorized_keys. Public keys are generated with ssh-keygen.
(RSAAuthentication only applies to protocol 1 and was removed together with it in OpenSSH 7.4; for protocol 2, PubkeyAuthentication is the directive that matters.)

7. Use SSH protocol version 2 only:
Protocol 2

8. Forbid password login for particular users, e.g. somebody and handsomebody cannot log in with a password:
Match User somebody,handsomebody
    PasswordAuthentication no

Restrict source IPs with TCP wrappers:
# vim /etc/hosts.deny
sshd: ALL
# vim /etc/hosts.allow
sshd: 192.168.1. 1.2.3.4
This allows 192.168.1.* and 1.2.3.4; the trailing dot on 192.168.1. is what makes it a network prefix rather than a host name. It only takes effect when sshd is built with libwrap, which OpenSSH dropped in 6.7.

9. Restrict source IPs with iptables:
# iptables -A INPUT -p tcp -m state --state NEW --source 1.2.3.4 --dport 22 -j ACCEPT
# iptables -A INPUT -p tcp --dport 22 -j DROP
Rules added this way are lost on reboot, so remember to save the iptables configuration (e.g. with iptables-save).

10. Rate-limit SSH connections:
You can use iptables to limit how often SSH connections may be made, so that a source gets only a limited number of attempts in a given period; this blunts brute-force password guessing. The period can be /second, /minute, /hour or /day.
First example: only one new SSH connection per minute is accepted, so someone hammering wrong passwords gets just one attempt per minute:
# iptables -A INPUT -p tcp --syn -m state --state NEW --dport 22 -m limit --limit 1/minute --limit-burst 1 -j ACCEPT
# iptables -A INPUT -p tcp --syn -m state --state NEW --dport 22 -j DROP
Second example: the same limit applied only to host 193.180.177.13: after its one attempt in a minute, further new connections from it are dropped:
# iptables -A INPUT -p tcp -s 193.180.177.13 --syn -m state --state NEW --dport 22 -m limit --limit 1/minute --limit-burst 1 -j ACCEPT
# iptables -A INPUT -p tcp -s 193.180.177.13 --syn -m state --state NEW --dport 22 -j DROP
Note that the limit match counts matching packets as a whole, not per source address, so in the first example one noisy client uses up the allowance for everyone; only new (SYN) connections are affected, established sessions continue.

11. Check file permissions and refuse login when they are unsafe:
StrictModes yes
Wrong permissions on certain files create security holes: for example, if a user's ~/.ssh/authorized_keys is mode 666, anyone else on the system can modify it.
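As an added example (not part of the original post), a small Python audit of an sshd_config against the directives from steps 3 to 7 and 11; the directive list and the sample config are constructed here, and the parser distinguishes global settings from those inside a Match block so a per-user override is not mistaken for the global value.

```python
import re

# Added example, not from the original post: audit an sshd_config against the
# checklist above. Directives are case-insensitive and the first occurrence wins,
# so the parser keeps the first value seen in the global section and records
# lines under a "Match" block separately (they apply only to matching sessions).
REQUIRED = {  # directive -> value the hardening steps expect
    "permitrootlogin": "no",
    "permitemptypasswords": "no",
    "passwordauthentication": "no",
    "pubkeyauthentication": "yes",
    "protocol": "2",
    "strictmodes": "yes",
}

def parse_sshd_config(text):
    # Returns (global_directives, [(match_criteria, directives), ...]).
    global_cfg, matches, current = {}, [], None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()  # drop comments and blank lines
        if not line:
            continue
        parts = re.split(r"[ \t=]+", line, maxsplit=1)  # "Key value" or "Key=value"
        key, value = parts[0].lower(), (parts[1].strip() if len(parts) > 1 else "")
        if key == "match":
            current = {}
            matches.append((value, current))
        elif current is not None:
            current.setdefault(key, value)
        else:
            global_cfg.setdefault(key, value)  # first occurrence wins
    return global_cfg, matches

def audit(text):
    # Lists checklist directives that are missing or wrong in the global section.
    cfg, _ = parse_sshd_config(text)
    findings = []
    for key, want in REQUIRED.items():
        got = cfg.get(key)
        if got is None:
            findings.append(f"{key}: not set (want {want})")
        elif got.lower() != want:
            findings.append(f"{key}: is {got} (want {want})")
    return findings

# Constructed sample: root login still allowed, Protocol and PermitEmptyPasswords
# never set; the Match block must not hide the global PasswordAuthentication value.
SAMPLE = """PermitRootLogin yes
PasswordAuthentication no
PubkeyAuthentication yes
StrictModes yes
Match User somebody,handsomebody
    PasswordAuthentication no
"""
```

Running audit(SAMPLE) reports the three gaps (PermitRootLogin, PermitEmptyPasswords, Protocol) and nothing else.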

12. Show a custom banner when users log in (what does that have to do with security...? maybe it scares off people who want to break in... = =a):
Banner /etc/ssh/banner    # write the file's content yourself

13. su/sudo:
# vi /etc/pam.d/su
auth required /lib/security/$ISA/pam_wheel.so use_uid
# visudo
%wheel ALL = (ALL) ALL
# gpasswd -a user1 wheel

14. Which users may use ssh (via PAM):
# vi /etc/pam.d/sshd
auth required pam_listfile.so item=user sense=allow file=/etc/ssh_users onerr=fail
# echo <username> >> /etc/ssh_users
The list file must be owned by root and not writable by group or others, or pam_listfile rejects it; sshd also needs UsePAM yes for this to apply.
/ |, G& e9 f; g+ O15.脫迫SSH蝺暹(timeout),霈PuTTY SSH 銝港蝺
/ n- l1 S; F6 U, i 靽格/etc/ssh/sshd_config( P0 V9 O* ^) G+ _
#TCPKeepAlive yes
2 X* _- b) H! K#ClientAliveInterval 0
' |0 Y% n- o0 A0 a#ClientAliveCountMax 3
3 @1 n9 g4 h1 s! b4 J0 z" W5 m 撠#踵==>摮瑼9 w! @" g& Y6 ]
#service ssd restart ==>sshd, [: v B8 L$ n5 E; P2 z8 c
乩靘靽格 Pietty 賂脣PuTTY 蝺閮剖:
: c6 }9 ~4 m! a5 g- V 豢Connection殷撠Seconds between keepalives [0 to turn off]喲甈雿頛詨交撟曄嚗喲銝null撠隞乩蝺% @! E6 x+ L/ G- H
3 ]! \0 H7 |! U; c u4 o2 R |
|