Monday, December 26, 2011

SSH Server Configuration


SSH Server

SSH (Secure Shell):

SSH is a protocol and a suite of network connectivity tools for encrypted connections across untrusted networks such as the Internet. SSH encrypts and authenticates all traffic, including logins and passwords, which defeats network sniffing, connection hijacking and similar network-level attacks. In a regular telnet session the password is transmitted across the Internet in clear text, where anyone on the path can read it.

To check whether the openssh packages are installed:

[root@xnetbd xinetd.d]#     rpm -qa | grep openssh
openssh-clients-4.3p2-36.el5
openssh-4.3p2-36.el5
openssh-server-4.3p2-36.el5
openssh-askpass-4.3p2-36.el5

To install OpenSSH with yum (openssh-server is the package that provides the sshd daemon; the base openssh package alone does not):

[root@xnetbd xinetd.d]#     yum install openssh-server openssh-clients

Server configuration file /etc/ssh/sshd_config:

[root@xnetbd xinetd.d]#     vim /etc/ssh/sshd_config
PermitRootLogin no
Here we refuse direct SSH logins as root. root is a username that exists on every Linux system, so it is the first account any password-guessing attack will try; with this setting an attacker also needs the name and password of an ordinary user, and administrators have to log in under their own account first, which leaves a record of who became root.

[root@xnetbd xinetd.d]#     /etc/init.d/sshd restart
Stopping sshd: [ OK ]
Starting sshd: [ OK ]

Now test the change by trying to log in to the server as root:

login as: root
Access denied
root@192.168.50.30's password:
Access denied
sshd listens on TCP port 22 by default. Moving it to another port is not real hardening, since a port scan finds the new port in seconds, but it does cut down the noise from automated scanners and brute-force bots that only probe port 22. First confirm which port sshd is using:

[root@xnetbd ~]# netstat -l

Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address Foreign Address State
tcp 0 0 localhost:2208 *:* LISTEN
tcp 0 0 *:npmp-local *:* LISTEN
tcp 0 0 *:sunrpc *:* LISTEN
tcp 0 0 *:ftp *:* LISTEN
tcp 0 0 *:telnet *:* LISTEN
tcp 0 0 localhost:ipp *:* LISTEN
tcp 0 0 localhost:smtp *:* LISTEN
tcp 0 0 localhost:2207 *:* LISTEN
tcp 0 0 *:ssh *:* LISTEN
tcp 0 0 ::1:ipp *:* LISTEN
udp 0 0 *:52789 *:*
udp 0 0 *:tunnel *:*
udp 0 0 *:nqs *:*
udp 0 0 *:mdns *:*
udp 0 0 *:sunrpc *:*
udp 0 0 *:ipp *:*
udp 0 0 *:56658 *:*
udp 0 0 *:mdns *:*
Active UNIX domain sockets (only servers)
Proto RefCnt Flags Type State I-Node Path
unix 2 [ ACC ] STREAM LISTENING 7295 @/tmp/fam-root-
unix 2 [ ACC ] STREAM LISTENING 5276 @/var/run/hald/dbus-pKI3nDZaOM
unix 2 [ ACC ] STREAM LISTENING 6920 /tmp/.font-unix/fs7100
unix 2 [ ACC ] STREAM LISTENING 5277 @/var/run/hald/dbus-yGdpSUaYEf
unix 2 [ ACC ] STREAM LISTENING 4545 /var/run/audispd_events
unix 2 [ ACC ] STREAM LISTENING 4993 /var/run/dbus/system_bus_socket
unix 2 [ ACC ] STREAM LISTENING 5091 /var/run/sdp
unix 2 [ ACC ] STREAM LISTENING 5197 /var/run/pcscd.comm
unix 2 [ ACC ] STREAM LISTENING 5232 /var/run/acpid.socket
unix 2 [ ACC ] STREAM LISTENING 6825 /dev/gpmctl
unix 2 [ ACC ] STREAM LISTENING 6363 /var/run/cups/cups.sock
unix 2 [ ACC ] STREAM LISTENING 7068 /var/run/avahi-daemon/socket

[root@xnetbd ~]#     netstat -an | grep :22
tcp 0 0 127.0.0.1:2208 0.0.0.0:* LISTEN
tcp 0 0 127.0.0.1:2207 0.0.0.0:* LISTEN
tcp 0 0 ::ffff:192.168.50.30:22 ::ffff:192.168.50.22:1080 ESTABLISHED

[root@xnetbd ~]#     netstat -tan | grep :22
tcp 0 0 127.0.0.1:2208 0.0.0.0:* LISTEN
tcp 0 0 127.0.0.1:2207 0.0.0.0:* LISTEN
tcp 0 52 ::ffff:192.168.50.30:22 ::ffff:192.168.50.22:1080 ESTABLISHED
[root@xnetbd ~]# netstat -tulan | grep :22
tcp 0 0 127.0.0.1:2208 0.0.0.0:* LISTEN
tcp 0 0 127.0.0.1:2207 0.0.0.0:* LISTEN
tcp 0 52 ::ffff:192.168.50.30:22 ::ffff:192.168.50.22:1080 ESTABLISHED
The *:ssh line in the first listing is the sshd listener (TCP port 22), and the ESTABLISHED line on :22 is our own session. Note that grep :22 also matches the unrelated listeners on ports 2207 and 2208, because their port numbers merely contain the string ":22"; match the port exactly when checking.
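The port check above is easy to get wrong with a bare grep, as the 2207 and 2208 lines show. The following added example (not part of the original post) reads netstat -tan style output and matches the local port exactly, next to the naive pattern for comparison. The netstat listing inside sample_netstat is constructed for the example; on a real host you would pipe netstat -tan (or, on a modern system, ss -tln) into these functions instead.

```shell
#!/bin/sh
# Added example, not from the original post: exact port matching on netstat output.
# Assumes POSIX sh + awk and the column layout of "netstat -tan" (local address
# in field 4, state in the last field).

# sample_netstat: constructed sample output, modelled on the post's host
# (two localhost listeners on 2207/2208, sshd on 22 for IPv4 and IPv6, one session).
sample_netstat() {
    cat <<'EOF'
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address               Foreign Address             State
tcp        0      0 127.0.0.1:2208              0.0.0.0:*                   LISTEN
tcp        0      0 127.0.0.1:2207              0.0.0.0:*                   LISTEN
tcp        0      0 0.0.0.0:22                  0.0.0.0:*                   LISTEN
tcp        0      0 :::22                       :::*                        LISTEN
tcp        0     52 ::ffff:192.168.50.30:22     ::ffff:192.168.50.22:1080   ESTABLISHED
EOF
}

# listening_on PORT  < netstat output
# Prints only sockets in LISTEN state whose local port is exactly PORT.
# The port is the text after the last ":" so IPv4 and IPv6 addresses both work.
listening_on() {
    awk -v port="$1" '$NF == "LISTEN" { n = split($4, a, ":"); if (a[n] == port) print }'
}

# listening_ports  < netstat output
# Prints the distinct TCP ports in LISTEN state, one per line, numerically sorted.
listening_ports() {
    awk '$NF == "LISTEN" { n = split($4, a, ":"); print a[n] }' | sort -n | uniq
}

# naive_match PORT  < netstat output
# What "grep :22" in the post actually does: a substring match that also hits
# 2207, 2208 and established sessions.
naive_match() {
    grep ":$1"
}

# Usage: sample_netstat | listening_on 22
#        netstat -tan   | listening_ports
```

With the constructed sample, listening_on 22 returns just the two sshd listeners, listening_ports reports 22, 2207 and 2208, while naive_match 22 returns five lines.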

Now we move the SSH server from port 22 to port 888. First confirm that nothing else is listening on 888, then change the Port directive and restart. If a host firewall (iptables) is in use, port 888 must be opened there as well, and every client now has to connect with -p 888:

[root@xnetbd ~]#     netstat -an | grep :888
[root@xnetbd ~]#     vim /etc/ssh/sshd_config
Port 888
[root@xnetbd ~]#     /etc/init.d/sshd restart
Stopping sshd: [FAILED]
Starting sshd: [ OK ]
[root@xnetbd ~]#     ssh -p 888 saiful@192.168.50.30
login as: saiful
Access denied
saiful@192.168.50.30's password:
Last login: Wed Nov 2 02:45:34 2011 from 192.168.50.22

Configure SSH to allow or deny specific users:

[root@xnetbd ~]#     vim /etc/ssh/sshd_config

AllowUsers saiful rony
AllowGroups group1 group2

Once AllowUsers or AllowGroups is set, every user not listed is refused, so by default all other users and groups are denied. To block specific accounts instead, use DenyUsers user_name or DenyGroups group_name. sshd processes these directives in the order DenyUsers, AllowUsers, DenyGroups, AllowGroups, so a Deny entry always wins over an Allow entry, and when both AllowUsers and AllowGroups are present a user must match both to get in.

[root@xnetbd ~]#     /etc/init.d/sshd restart

login as: saiful
Access denied
saiful@192.168.50.30's password:
Last login: Wed Nov 2 02:45:34 2011 from 192.168.50.22

login as: rony
Access denied
rony@192.168.50.30's password:
[rony@xnetbd ~]$

login as: rajan
Access denied
rajan@192.168.50.30's password:
Access denied

login as: probal
Access denied
probal@192.168.50.30's password:
Access denied

With this configuration the server accepts logins from saiful and rony, while rajan and probal (and every other account) are refused even when they supply the correct password.
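Because sshd checks DenyUsers, AllowUsers, DenyGroups and AllowGroups in that fixed order, an account can be refused even though it appears in one of the Allow lists. The following added example (not part of the original post) models that decision in shell so the outcome for a given user and group list can be checked before touching a production sshd_config. It assumes plain usernames only (no wildcards or user@host patterns), and the group memberships in the scenarios are constructed for the example; on a live host the group list would come from id -Gn USER.

```shell
#!/bin/sh
# Added example, not from the original post: a model of sshd's
# DenyUsers -> AllowUsers -> DenyGroups -> AllowGroups evaluation order.
# Assumptions (not from the post): POSIX sh, plain names without patterns.

# in_list WORD "LIST"  - true if WORD is one of the space-separated words in LIST
in_list() {
    for w in $2; do
        [ "$w" = "$1" ] && return 0
    done
    return 1
}

# any_in_list "WORDS" "LIST"  - true if any word of WORDS appears in LIST
any_in_list() {
    for g in $1; do
        in_list "$g" "$2" && return 0
    done
    return 1
}

# ssh_access_decision USER "GROUPS" "DenyUsers" "AllowUsers" "DenyGroups" "AllowGroups"
# GROUPS is the user's full group list (primary plus supplementary).
# Prints the verdict and the directive that decided it; returns 0 = allow, 1 = deny.
ssh_access_decision() {
    user=$1; groups=$2
    deny_users=$3; allow_users=$4; deny_groups=$5; allow_groups=$6
    # 1. DenyUsers is checked first, so it overrides every Allow entry
    if in_list "$user" "$deny_users"; then
        echo "deny (DenyUsers)"; return 1
    fi
    # 2. If AllowUsers is set at all, the name must be on it
    if [ -n "$allow_users" ] && ! in_list "$user" "$allow_users"; then
        echo "deny (not in AllowUsers)"; return 1
    fi
    # 3. Any membership in a denied group is fatal
    if any_in_list "$groups" "$deny_groups"; then
        echo "deny (DenyGroups)"; return 1
    fi
    # 4. If AllowGroups is set at all, at least one group must match
    if [ -n "$allow_groups" ] && ! any_in_list "$groups" "$allow_groups"; then
        echo "deny (not in AllowGroups)"; return 1
    fi
    echo "allow"
    return 0
}

# Scenarios with the post's directives: AllowUsers saiful rony / AllowGroups group1 group2.
# The group lists are constructed for the example.
run_scenarios() {
    allow_u="saiful rony"; allow_g="group1 group2"
    echo "rony   (group1)      -> $(ssh_access_decision rony   'rony group1'   '' "$allow_u" '' "$allow_g")"
    echo "rajan  (group1)      -> $(ssh_access_decision rajan  'rajan group1'  '' "$allow_u" '' "$allow_g")"
    echo "saiful (not in g1/g2)-> $(ssh_access_decision saiful 'saiful wheel'  '' "$allow_u" '' "$allow_g")"
    echo "rony   (DenyUsers)   -> $(ssh_access_decision rony   'rony group1' rony "$allow_u" '' "$allow_g")"
}

# Usage: run_scenarios
```

Two results are worth noting: rajan is refused even though he is in group1, because AllowUsers is evaluated before AllowGroups, and saiful would be refused if he were in neither group1 nor group2, because with both directives present he must satisfy both.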

If root access is needed, log in as one of the allowed users first and then switch to root with su. su - root asks for root's own password, so an attacker now needs two secrets (an allowed user's credentials and the root password) instead of one, and the system log records which user became root:

login as: saiful
Access denied
saiful@192.168.50.30's password:
Last login: Wed Nov 2 02:50:24 2011 from 192.168.50.22
[saiful@xnetbd ~]$ su - root
Password:
[root@xnetbd ~]#
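All of the edits in this post (PermitRootLogin, Port, AllowUsers) are made by hand in vim and followed by a blind restart. The added example below (not part of the original post) applies such directives from a script, replacing the commented-out default instead of adding a duplicate line, and test-parses the file with sshd -t before restarting, so that a typo cannot leave sshd stopped and lock you out. It assumes POSIX sh and awk, sshd at /usr/sbin/sshd and the SysV init script /etc/init.d/sshd used on RHEL/CentOS 5; the sample sshd_config it edits is constructed for the example, not a real configuration.

```shell
#!/bin/sh
# Added example, not from the original post: scripted sshd_config edits plus a
# validated restart. Assumptions (not from the post): POSIX sh + awk,
# /usr/sbin/sshd, /etc/init.d/sshd.

# set_sshd_option FILE KEY VALUE
# Rewrites the first active or commented-out "KEY ..." line (sshd keywords are
# case-insensitive) to "KEY VALUE", drops further global copies of the key, and
# appends the directive if the key is absent. Lines inside a "Match" block
# (newer OpenSSH) are left untouched; a new directive is inserted before the
# first Match line so it stays global. Caveat: keys sshd allows to repeat
# cumulatively (several AllowUsers lines) are collapsed into one line.
set_sshd_option() {
    file=$1; key=$2; value=$3
    tmp="$file.tmp.$$"
    awk -v key="$key" -v value="$value" '
        BEGIN { done = 0; inmatch = 0 }
        {
            if (inmatch) { print; next }
            if ($0 ~ /^[ \t]*[Mm][Aa][Tt][Cc][Hh][ \t]/) {
                if (!done) { print key " " value; done = 1 }
                inmatch = 1; print; next
            }
            line = $0
            sub(/^[ \t]*#?[ \t]*/, "", line)      # strip indent and a leading "#"
            n = split(line, f, /[ \t=]+/)
            if (n > 0 && tolower(f[1]) == tolower(key)) {
                if (!done) { print key " " value; done = 1 }
                next                               # drop the old or duplicate copy
            }
            print
        }
        END { if (!done) print key " " value }
    ' "$file" > "$tmp" && mv "$tmp" "$file"
}

# restart_sshd_safely [FILE]
# "sshd -t" parses the config without starting a daemon; only restart if it passes.
# Keep your current session open and test a fresh login before closing it.
restart_sshd_safely() {
    cfg=${1:-/etc/ssh/sshd_config}
    if /usr/sbin/sshd -t -f "$cfg"; then
        /etc/init.d/sshd restart
    else
        echo "refusing to restart: $cfg does not parse" >&2
        return 1
    fi
}

# demo_constructed_config
# Builds a small constructed sshd_config in a temp file, applies the post's
# directives plus MaxAuthTries, and prints the path of the edited file.
demo_constructed_config() {
    f=$(mktemp /tmp/sshd_config.XXXXXX)
    cat > "$f" <<'EOF'
# constructed sample, not a real /etc/ssh/sshd_config
#Port 22
Protocol 2
#PermitRootLogin yes
#AllowUsers
X11Forwarding yes
Match User backup
    PermitRootLogin no
EOF
    set_sshd_option "$f" Port 888
    set_sshd_option "$f" PermitRootLogin no
    set_sshd_option "$f" AllowUsers "saiful rony"
    set_sshd_option "$f" MaxAuthTries 3
    echo "$f"
}

# Usage on a live host (as root):
#   set_sshd_option /etc/ssh/sshd_config PermitRootLogin no && restart_sshd_safely
```

After demo_constructed_config runs, the commented "#Port 22" and "#PermitRootLogin yes" lines have become "Port 888" and "PermitRootLogin no" with no duplicates, "AllowUsers saiful rony" replaces the empty commented entry, MaxAuthTries 3 sits above the Match block, and the PermitRootLogin inside the Match block is unchanged.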