A Linux Playground

My doodles and what I get up to.

SSH and Its Server Setup

SSH is a way of remotely logging into a computer securely. It was invented to replace telnet which transmitted passwords in plain text to the computer and so could easily be snooped.

Installation

The ssh client is installed by default on most Linux distributions. On Linux Debian based machines the server can be installed by issuing

1

sudo apt-get install openssh-server

Configuration and options

The SSH server is configured by the text file /etc/ssh/sshd_config. Important options are

  • Protocol 2 . This is used to ensure that only the newer protocol two is used as the first one has attack vectors that completely compromise it’s use.
  • Port [number]. This option allows you to change the port that the server will listen on. It by default listens to port 22
  • PermitRootLogin no. This option is highly recommend as logging root is taboo due to the accidental damage that can be done. Not just that however logging in as a lower level user and using the sudo command allows accountability.
  • PermitEmptyPassword no. This tells the server to not allow login attempts that contain an empty password. This is important to help with the enforcement of a password policy. It is also EXTREMELY bad to allow any account to have no password at all.
  • X11Forwarding [yes|no]. This option allows the X windowing graphical display appications (not apps!) to be forwarded to the client computer and displayed using an X window server. This is very straight forward on Linux machine which have X installed by default.
  • TCPKeepAlive yes. This option will keep the SSH connection open during periods of no use.
  • AllowUsers [list of users]. This option allows the server admin to grant SSH login access ONLY to the listed users. Conversely DenyUsers allows all users to login but deny those listed.
  • AllowGroups [list of groups]. If restricted SSH access is needed and there are many user accounts. It is easier to use a group policy. Creating a group sshaccess and adding users to this group that need SSH usage. AlternativelyDenyGroups could be used.

After making changes to the configuration file you need to restart the ssh deamon.

1

 sudo service ssh restart