ubuntu SSH 보안설정
1./etc/ssh/sshd_config backup
mv /etc/ssh/sshd_config /etc/ssh/sshd_config.org
2.주석제거후 /etc/ssh/sshd_config 생성
cat/etc/ssh/sshd_config.org |grep -v '#' >> /etc/ssh/sshd_config
3.기본포트 변경
sed -i "s/^Port 22/Port 3022/g" /etc/ssh/sshd_config
4.root 로그인 금지
sed -i "s/^PermitRootLogin without-password/PermitRootLogin no/g" /etc/ssh/sshd_config
5.password 인증 yes 설정
echo "PasswordAtuthentication yes" >> /etc/ssh/sshd_config
6.Client 체크 메세지 설정
echo "ClientAliveInterval 300" >> /etc/ssh/sshd_config echo "ClientAliveCountMax 3" >> /etc/ssh/sshd-config
7.sshd_config 확인
Port 3022 Protocal 2 HostKey /etc/ssh/ssh_host_rsa_key HostKey /etc/ssh/ssh_host_dsa_key HostKey /etc/ssh/ssh_host_ecdsa_key HostKey /etc/ssh/ssh_host_ed25519_key UserPrivilegeSeparation yes KeyRegenerationIntterval 3600 ServerKeyBits 1024 SyslogFacility AUTH LogLevel INFO LoginGraceTime 120 PermitRootLogin no StrictModes yes RDAAuthentication yes PubkeyAuthentication yes IgnoreThosts yes RhostsRSAAuthentication no HostbaseAuthenyication no PermitEmptyPasswords no ChallengeResponseAuthentication no X11Forwarding yes X11Displayoffset 10 PrintMotd no PrintLastLog yes TCPKeepAlive yes AcceptEnv LANG LC_* Subsystem sftp /usr/lib/openssh/sftp-server UsePAM yes ClientAliveInterval 300 ClientAliveCountMax 3 PasswordAuthentication yes