#PubkeyAuthentication yesAlthough the line is commented out, this is actually the default and as such does no need to be explicitly stated, if you wanted to prevent key based authentication, just add this line:
PubkeyAuthentication noAt any rate back to the objective. On the client, issue the following command, and follow the instructions, to generate a key:
ssh-keygenNote that you don't actually need to add a passphrase, just press enter. This will allow you to login without being prompted for a passprhase.
The last step is to copy the public key that you have just generated to the server you want to login to:
ssh-copy-id user@<servername>That's it, if you did not provide a passphrase, you should be able to login with:
ssh user@<servername>Note, that both ssh-keygen and ssh-copy-id have several options and that you should study them to see what they do.
I guess that in the exam you could be asked to install ssh, even if it does get installed by default. At any rate, just issue the following command:
yum install openssh-server -yYou should then make sure that it is set to run at boot time:
chkconfig sshd onYou can allow ssh traffic through by opening port 22:
iptables -I INPUT -p tcp --dport 22 -j ACCEPT; service iptables saveDepending on your configuration, you might need to change SELinux settings. You can check the SELinux settings like this:
getsebool -a | grep sshFinally, you can limit the users that can login by using the DenyUsers directive in the /etc/ssh/sshd_config file like so:
DenyUsers naughtyuserRemember to restart the daemon after any changes:
service sshd restartIf you want to prevent hosts from accessing SSH, you can do it by using iptables rules, e.g.:
iptables -I INPUT -p tcp --dport 22 -s 10.168.20.233 -j DROP; service iptables saveI think this pretty much covers this objective.
No comments:
Post a Comment