52AV璈A|52AV.ONE

 曉撖蝣
 蝡唾酉
敹急瑕
  • av隢憯BBS
  • 璈A
  • 芣瑟憭瘚
  • 鞎澆
  • 52av鋆貉摰
  • 銝剜-銝剖銝餅
Yahoo!憟拇撠
望: 璈A
Google憟拇撠
望: 璈A
     
亦: 3259|敺: 0
銝銝銝駁 銝銝銝駁

[ssh] 靽格 sshd 閮剖 ,閮剖瑼 /etc/ssh/sshd_config

[銴鋆賡包
頝唾唳摰璅撅
璅銝
潸” 2015-12-28 10:28:36 | 芰閰脖 撣 |摨閬 |梯璅∪
vi /etc/ssh/sshd_config
# p# T) ]; z2 ]2 ]' q6 F) K; }9 w6 v) @" C5 w
1.靽格寥閮 port (舐典銵憭 port)/ T5 u' o9 t3 k+ ^1 V: O% V8 W
Port <port>
! n) n6 W* t3 u' G4 f3 |1 s: ^
6 ~8 Q6 a4 V5 Q* b; d2.賜孵 ip (拍冽澆蝬脣/憭 IP 敶)
( x" \, E2 @; R9 ~' [ListenAddress 192.168.1.10' t' @' o) M0 j: w0 s

. ^0 L' i; R5 g7 K3.蝳甇 root 餃5 j) ?% a5 f+ ?% X2 u2 w6 f
PermitRootLogin no
. O- q8 ~  T5 f( o" \0 M5 f: `; ~蝞∠敹隞亙鈭箏董餃伐 su root嚗拍 sudo 撌乩* u4 I# u8 [7 U; q: u

2 N* g' a7 `! L4 G; t7 j: a4.蝳甇V蝙函征撖蝣潛餃
- t" b: i- U  d5 c2 I" ]7 W; D- X( _PermitEmptyPasswords no
$ n- x6 ~2 i3 H" N1 g5 `  u7 X8 ]+ b* J
5.閮望蝯孵撣唾蝢斤餃
; a0 T1 I- L5 D9 u; J% V6 E4 q% MAllowUsers <user1> <user2> <user3>7 \: y; O/ e& h& B' `* u
AllowGroups <group>
3 z4 L6 T$ b, }' l" U! Y, eDenyUsers *
# g( i! v1 P8 a" _$ d, [/ K5 Z. VDenyGroups no-ssh+ J; N; B; v  G% y" x5 K: D' }
寞撖阡嚗撠澆銝撣唾閮嚗憒 Allow 頝 Deny 閰梧蝯 Deny 4 K4 v/ z: f" ]
% T1 s  @/ A8 a, K
6.撱a文蝣潛駁嚗撘瑁翰雿輻 RSA/DSA 撽霅
3 J0 s8 x/ C$ m6 V1 f3 e% VRSAAuthentication yes
$ _4 m; }0 E1 |5 n7 r3 XPubkeyAuthentication yes+ A) w( F; X! g7 w; c4 I' |
AuthorizedKeysFile %h/.ssh/authorized_keys
# w  v! \$ Y9 E3 I2 |+ g5 t  T8 zPasswordAuthentication no4 V% }  ?1 A, p, x  w- e
銝衣Ⅱ靽 user ~/.ssh 甈 700嚗撠閰 user public key 亙 ~/.ssh/authorized_keys 銝准Public key Y孵舀撠 ssh-keygen, H5 L9 m, T/ y* m5 L7 }
- b6 E  U& I" S% P! q
7.閮 SSHv2
* A7 R4 q7 l  Y/ uProtocol 27 {6 y6 P- p0 S! S, l6 H

% A" z" ]/ C* O+ u8.嗥孵雿輻刻蝢斤銝餅雿餃亥綽鋆∩誑 somebody handsomebody 銝臭蝙典蝣潛餃亦箔
9 \( O1 {( @5 Y  V. z7 A$ tMatch User somebody,handsomebody
7 U/ H% ?( O8 d7 P* bPasswordAuthentication no雿輻 TCP wrappers 嗡皞 IP
$ {; c: [3 {1 P6 p& A. S+ A9 a# vim /etc/hosts.deny3 @4 F2 M5 [/ N* P! Z( [6 X
sshd: ALL
9 A2 O# Y  [8 f/ }# vim /etc/hosts.allow
) Z: Z. d+ U5 tsshd: 192.168.1 1.2.3.4 # 閮 192.168.1.* 1.2.3.4 蝺
  X3 a6 U9 _2 V
1 K) K! j1 r" k3 e( |9.雿輻 iptables 嗡皞 IP
& C) a" P. n( \, D& Q1 {& T2 P# iptables -A INPUT -p tcp -m state --state NEW --source 1.2.3.4 --dport 22 -j ACCEPT$ S6 M4 d* ^( h, c9 O. c  t9 e, }
# iptables -A INPUT -p tcp --dport 22 -j DROP
$ q+ t2 P# O0 k3 z閮剖蝡喟嚗亙璈敺賭摮嚗閬脣 iptables 閮剖( H+ M. w* p# I, H
2 t: [8 c6 Q% P/ C
10.摰
- @3 \  ^# E9 }" n# W" k. B7 ?雿臭誑雿輻其iptables訾嗅訕SH伐霈嗅其孵蝭批臭誑伐嗡銝賡乓雿臭誑其Y隞颱靘摮銝凋蝙 /second/minute/hour /day
9 r7 P3 O. E: e1 m$ D+ U$ D蝚砌靘摮嚗憒銝冽嗉撓乩航炊撖蝣潘摰銝找閮勗刻赤SSH嚗璅瘥冽嗅其批芾賢閰虫甈∠駁$ y8 B  _5 {& Z8 y2 p1 H$ F
  # iptables -A INPUT -p tcp -m state --syn --state NEW --dport 22 -m limit --limit 1/minute --limit-burst 1 -j ACCEPT
7 x9 F. y8 t& {4 x, G5 p% U  # iptables -A INPUT -p tcp -m state --syn --state NEW --dport 22 -j DROP3 x$ d; C5 O6 K! v4 P% L1 U
蝚砌靘摮嚗閮剔蔭iptables芸閮曹蜓璈193.180.177.13亙訕SH嚗典閰虫甈∪仃駁詨嚗iptables閮梯府銝餅瘥閰虫甈∠駁
2 o+ \3 i- N8 d/ W8 ]0 N  O8 |  # iptables -A INPUT -p tcp -s 193.180.177.13 -m state --syn --state NEW --dport 22 -m limit --limit 1/minute --limit-burst 1 -j ACCEPT
+ [- K! N. T7 T& Q  # iptables -A INPUT -p tcp -s 193.180.177.13 -m state --syn --state NEW --dport 22 -j DROP
# \2 S- w  N# Q& r. Q* f
% X  R5 g) h7 ^) g/ e11.瑼X亦賊瑼獢甈嚗銝摰典銝閮梁餃
- C! ^4 W6 r0 \4 Q/ H* y- a# L- sStrictModes yes+ l- i) J  Z0 x5 u  e& s
鈭賊瑼獢甈閮剖交航炊嚗航賡摰冽折◢芥憒雿輻刻 ~/.ssh/authorized_keys 甈亦 666嚗航賡嗡鈭箏臭誑典董
7 `+ B# H; ^7 v7 Q' u* s. {# q% d* s# n
12.芾雿輻刻餃交憿舐內 banner (閰梯牧頝摰冽扳隞暻潮靽...? 憭扳臭誑函冗鈭斗孵頝憯鈭箏...= =a)/ K1 D- X0 \/ I/ T/ t
Banner /etc/ssh/banner # 隞餅摮瑼
$ e+ Y0 ^( W. D; ?
1 |7 h% A  ?) _9 h( C* E+ g$ p" |$ E13. su/sudo * b; O( l. y7 D' h7 e  ]8 w
# vi /etc/pam.d/su8 m! `8 {/ Y/ j3 v2 t
    auth       required     /lib/security/$ISA/pam_wheel.so use_uid
: f  k: l8 Z5 J; `( y# visudo
" z1 U6 w+ Y/ E7 C9 J" p    %wheel  ALL = (ALL) ALL" ~/ k, F. E& [$ L: K: g$ U6 A. N
# gpasswd -a user1 wheel
1 T& w% k) P8 R# v* k
& g( ~. E+ M" y, L& A* F14. ssh 雿輻刻
. j4 b# G3 j. C: G4 t( @* D( N+ v0 h3 H# vi /etc/pam.d/sshd
: f0 `# s) I2 \. e) \- I& k: L+ u    auth required pam_listfile.so item=user sense=allow file=/etc/ssh_users onerr=fail7 W7 k& ]# C" H. D3 N8 O
# echo <username> >> /etc/ssh_users
7 i* G+ m0 E0 Y/ d4 ^& ^15.脫迫SSH蝺暹(timeout),霈PuTTY SSH 銝港蝺
% \; G8 i, Q" e" w6 v( \    靽格/etc/ssh/sshd_config! Z0 ]5 Z( a( H. K, g) {
#TCPKeepAlive yes4 @3 u* u, Z, ?+ R# |  T8 O( N
#ClientAliveInterval 0) S, f6 i* ~6 @. C9 m
#ClientAliveCountMax 3

1 }' c; [5 z& I9 r$ Z
     撠#踵==>摮瑼) K! M) w6 }8 ^. E& t
#service ssd restart ==>sshd) k: q+ ?5 X9 j; Q
    乩靘靽格 Pietty 賂脣PuTTY 蝺閮剖:. j! L8 z# A6 W4 z
    豢Connection殷撠Seconds between keepalives [0 to turn off]喲甈雿頛詨交撟曄嚗喲銝null撠隞乩蝺

6 L: x4 J7 l" S8 y7 G$ H% A2 u$ g7 f) t

雿輻券

祉蝛閬

BT蝳

砍憛批捆靘餉衣雯頝臬批捆蝝颲行粹嗥蝬脩嚗摰撟湔遛嚗嚗甇脖誑銝嗅啣摰嗆摰撟湧翩鈭箏ㄚ孵舫脣伐銝憿亙祉璇甈橘芣遛18甇 雓蝯脣亦閬賬粹脩芣遛18甇脖芣撟渡雯閬賜雯頝臭嗥批捆鞈閮嚗撱箄降典舫脰蝬脰楝批捆蝝蝯蝜ICRA蝝摰鋆閮剖 (粹蝯行霅 祉蝬脣銝蝝瘛函隢憯啣嚗祉閮剜蝞∠)

QQ|撠暺撅||52AV璈A

GMT+8, 2024-11-22 01:06 , Processed in 0.072026 second(s), 19 queries .

蝯∠.撱

52avtv@gmail.com | QQ:2405733034     since 2015-01

鋆貉憒 敹恍敺 餈銵