화요일, 12월 10, 2024
HomeLinuxubuntu SSH 보안설정

ubuntu SSH 보안설정

ubuntu SSH 보안설정

1./etc/ssh/sshd_config backup

mv /etc/ssh/sshd_config /etc/ssh/sshd_config.org

2.주석제거후 /etc/ssh/sshd_config 생성

cat/etc/ssh/sshd_config.org |grep -v '#' >> /etc/ssh/sshd_config

3.기본포트 변경

sed -i "s/^Port 22/Port 3022/g" /etc/ssh/sshd_config

4.root 로그인 금지

sed -i "s/^PermitRootLogin without-password/PermitRootLogin no/g" /etc/ssh/sshd_config

5.password 인증 yes 설정

echo "PasswordAtuthentication yes" >> /etc/ssh/sshd_config

6.Client 체크 메세지 설정

echo "ClientAliveInterval 300" >> /etc/ssh/sshd_config
echo "ClientAliveCountMax 3" >> /etc/ssh/sshd-config

7.sshd_config 확인

Port 3022
Protocal 2
HostKey /etc/ssh/ssh_host_rsa_key
HostKey /etc/ssh/ssh_host_dsa_key
HostKey /etc/ssh/ssh_host_ecdsa_key
HostKey /etc/ssh/ssh_host_ed25519_key
UserPrivilegeSeparation yes

KeyRegenerationIntterval 3600
ServerKeyBits 1024

SyslogFacility AUTH
LogLevel INFO

LoginGraceTime 120
PermitRootLogin no
StrictModes yes

RDAAuthentication yes
PubkeyAuthentication yes

IgnoreThosts yes
RhostsRSAAuthentication no
HostbaseAuthenyication no

PermitEmptyPasswords no

ChallengeResponseAuthentication no

X11Forwarding yes
X11Displayoffset 10
PrintMotd no
PrintLastLog yes
TCPKeepAlive yes

AcceptEnv LANG LC_*

Subsystem sftp /usr/lib/openssh/sftp-server

UsePAM yes
ClientAliveInterval 300
ClientAliveCountMax 3
PasswordAuthentication yes
RELATED ARTICLES

LEAVE A REPLY

Please enter your comment!
Please enter your name here

Most Popular