Learning SSH: SSHD Config File Options and Parameters


In the previous (four) parts of this series of posts on Learning SSH, we covered the options specified in the OpenSSH configuration file that is handled on the SSH client side, that is, the "SSH Config" (ssh_config) file.

For this reason, today we continue, in this penultimate and fifth installment, with the options specified in the OpenSSH configuration file that is handled on the SSH server side, that is, the "SSHD Config" (sshd_config) file.


Before starting today's topic, the configurable contents of the OpenSSH "SSHD Config" (sshd_config) file, here are some links to related posts:

  • Learning SSH: SSH Config File Options and Parameters
  • Learning SSH: Options and Configuration Parameters - Part I

SSHD Config File Options and Parameters (sshd_config)


What is the SSHD Config (sshd_config) file for OpenSSH?

As we said in the previous tutorial, OpenSSH has 2 configuration files: one named ssh_config, for configuring the SSH client side, and another named sshd_config, for configuring the SSH server side. Both are located in the following path or directory: /etc/ssh.

The second one is therefore usually the more important or relevant of the two, because it lets us secure the SSH connections that we allow into our servers. This is usually part of what is called Server Hardening.


For this reason, today we will show what many of the options and parameters in that file are for, so that in our last and sixth installment of this series we can offer more practical, real-world tips and recommendations on how to make adjustments or changes through those options and parameters.

List of existing options and parameters


As with the "SSH Config" (ssh_config) file, the "SSHD Config" (sshd_config) file has many options and parameters, but some of the best known, most used or most important are the following:

AllowUsers / DenyUsers

This option or parameter is usually not included by default in the file, but when it is added, generally at the end, it lets you specify who (which users) can log in to the server over SSH connections.

The option takes a list of user name patterns, separated by spaces. If it is specified, login is allowed only for user names that match one of the patterns.

Note that, by default, login is allowed for all users from any host. However, if a pattern takes the form "USER@HOST", then USER and HOST are checked separately, which restricts logins to particular users from particular hosts.

For HOST, addresses in IP address/CIDR mask format are also valid. Finally, AllowUsers can be replaced by DenyUsers to deny the same user patterns.
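The matching rules described above, as an added example that is not part of the original article and not OpenSSH's own code: a simplified Python model of how a login is checked against DenyUsers and AllowUsers. It assumes DenyUsers is evaluated before AllowUsers (the order given in sshd_config(5)), matches HOST against the client address only, uses `fnmatchcase` as a stand-in for OpenSSH's `*` and `?` wildcards, and works on constructed sample patterns.

```python
import ipaddress
from fnmatch import fnmatchcase

# Constructed sample values, not taken from a real server.
ALLOW = "alice bob@192.168.1.0/24 deploy@10.0.0.5"
DENY = "bob@192.168.1.66"

def host_matches(pattern, addr):
    """HOST part: an address/masklen CIDR block or a wildcard pattern."""
    if "/" in pattern:
        try:
            return ipaddress.ip_address(addr) in ipaddress.ip_network(pattern, strict=False)
        except ValueError:
            return False  # malformed address or network never matches
    return fnmatchcase(addr, pattern)

def pattern_matches(pattern, user, addr):
    """USER or USER@HOST; USER and HOST are checked separately."""
    user_pat, sep, host_pat = pattern.partition("@")
    if not fnmatchcase(user, user_pat):
        return False
    return host_matches(host_pat, addr) if sep else True

def login_permitted(user, addr, allow_users="", deny_users=""):
    """Deny patterns win; a non-empty AllowUsers list then acts as an allowlist."""
    if any(pattern_matches(p, user, addr) for p in deny_users.split()):
        return False
    allow = allow_users.split()
    if not allow:
        return True  # default: all users from any host
    return any(pattern_matches(p, user, addr) for p in allow)

if __name__ == "__main__":
    for user, addr in [("alice", "203.0.113.9"), ("bob", "192.168.1.20"),
                       ("bob", "192.168.1.66"), ("carol", "192.168.1.20")]:
        verdict = "allowed" if login_permitted(user, addr, ALLOW, DENY) else "refused"
        print(f"{user}@{addr}: {verdict}")
```
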

ListenAddress

Lets you specify the local IP addresses (the local network interfaces of the server machine) on which the sshd program should listen. The following forms can be used for this:

  • ListenAddress hostname | IPv4/IPv6 address [domain]
  • ListenAddress hostname:port [domain]
  • ListenAddress IPv4/IPv6 address:port [domain]
  • ListenAddress [hostname | IPv4/IPv6 address]:port [domain]

LoginGraceTime

Lets you specify a time (the grace time) after which the server disconnects if the user trying to establish the SSH connection has not logged in successfully. If the value is zero (0), there is no time limit; the default is 120 seconds.

LogLevel

Lets you specify the verbosity level for sshd log messages. The possible values are: QUIET, FATAL, ERROR, INFO, VERBOSE, DEBUG, DEBUG1, DEBUG2, and DEBUG3. The default value is INFO.

MaxAuthTries

Specifies the maximum number of authentication attempts allowed per connection. By default, its value is set to 6.

MaxSessions

Lets you specify the maximum number of open shell sessions per established network connection, whether through login or through the subsystem used, for example sftp. Setting its value to 1 effectively disables session multiplexing, while setting it to 0 blocks all types of connections and sessions. By default, its value is set to 10.

MaxStartups

Lets you specify the maximum number of unauthenticated connections to the SSH daemon, that is, the number of SSH connections that can be opened per IP/host. Its default value is usually 10, 30, or 100, which is often considered high, so a lower value is recommended.

PasswordAuthentication

Specifies whether password authentication is allowed. By default, its value is set to "yes".

AllowEmptyPasswords

Specifies whether the server will accept (allow) logins to user accounts with empty password strings. By default, its value is set to "no".

PermitRootLogin

Lets you specify whether the server will accept (allow) logins to the root user account. By default, its value is set to "prohibit-password"; ideally it is set to "no", which means the root user is not allowed to start an SSH session at all.

Port

Lets you specify the port number on which the sshd program listens for all SSH connection requests. By default, its value is set to "22".

StrictModes

Specifies whether the SSH program should check the file modes and ownership of the user's home directory and files before accepting a login. By default, its value is set to "yes".

SyslogFacility

Lets you give the facility code that is used when logging messages from the SSH program. By default, its value is set to "authorization" (AUTH).

Note: Depending on the SysAdmin and the security requirements of each technology platform, many other options can be very useful or necessary. We will see this in our next and final post in this series, which focuses on SSH good practices (tips and recommendations) to apply using everything shown so far.
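To check a server's file against the options listed above, here is an added Python example (not code from the original article or from OpenSSH) that reads sshd_config text and reports the settings this page singles out. It assumes the defaults stated on this page, reads only the global section (it stops at the first Match block and does not follow Include), and runs on a constructed sample; the empty-password option is written with OpenSSH's keyword, PermitEmptyPasswords.

```python
# Defaults as given on this page; they apply when a keyword is absent.
DEFAULTS = {"permitrootlogin": "prohibit-password", "permitemptypasswords": "no",
            "strictmodes": "yes", "logingracetime": "120"}

# Constructed sample, not taken from a real host.
SAMPLE = """\
# constructed sshd_config
Port 22
PermitRootLogin no
# The next line has no effect: sshd keeps the first value it reads.
permitrootlogin yes
LoginGraceTime 0
AllowUsers admin@192.168.1.0/24
Match User backup
    PermitRootLogin yes
"""

def effective_settings(text):
    """Global-section settings: keywords are case-insensitive, first value wins."""
    settings = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(None, 1)
        keyword = parts[0].lower()
        if keyword == "match":
            break  # the global section ends at the first Match block
        settings.setdefault(keyword, parts[1].strip() if len(parts) > 1 else "")
    return settings

def audit(text):
    """Return {directive: finding} for the options this page singles out."""
    cfg = {**DEFAULTS, **effective_settings(text)}
    findings = {}
    if cfg["permitrootlogin"].lower() != "no":
        findings["PermitRootLogin"] = f"is '{cfg['permitrootlogin']}', not 'no'"
    if cfg["permitemptypasswords"].lower() == "yes":
        findings["PermitEmptyPasswords"] = "empty passwords are accepted"
    if cfg["strictmodes"].lower() == "no":
        findings["StrictModes"] = "home directory and file checks are disabled"
    if cfg["logingracetime"] == "0":
        findings["LoginGraceTime"] = "0 means no time limit for logging in"
    if "allowusers" not in cfg and "denyusers" not in cfg:
        findings["AllowUsers"] = "not set, so every user may log in"
    return findings

if __name__ == "__main__":
    for directive, finding in audit(SAMPLE).items():
        print(f"{directive}: {finding}")
```
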


More information

As in this fourth installment, to expand on this information and study each and every one of the options and parameters available in the "SSHD Config" (sshd_config) configuration file, we recommend exploring the following links: SSH configuration file for the OpenSSH server and the official OpenSSH manuals, in English. And, as in the three previous installments, explore the following official and trustworthy online content about SSH and OpenSSH:

  1. Debian Wiki
  2. Debian Administrator's Handbook: Remote Login / SSH
  3. Debian Security Manual: Chapter 5. Securing Services

Summary

In short, with this new installment of "Learning SSH" we have almost finished the explanatory content on everything related to OpenSSH, by providing essential knowledge about the "SSHD Config" (sshd_config) and "SSH Config" (ssh_config) configuration files. We therefore hope it will be useful to many, both personally and professionally.
