SSH Configuration File Settings and Testing

I am using 2 VMs running RHEL 8.x.

IP 192.168.122.228  Hostname server.example.com

IP 192.168.122.71   Hostname Client.example.com



1. How to Change ssh Port.

[root@server ~]# vim /etc/ssh/sshd_config ( Change below Line )

#Port 22

to 

Port 2022


[root@server ~]# systemctl  restart sshd


[root@Client ~]# ssh raju@192.168.122.228

ssh: connect to host 192.168.122.228 port 22: Connection refused


[root@Client ~]# ssh -p 2022 raju@192.168.122.228

raju@192.168.122.228's password: 

Last login: Thu Sep 22 10:05:53 2022 from 192.168.122.71

[raju@server ~]$ 



2. How to Change ssh LogLevel.

The possible values for LogLevel are: QUIET, FATAL, ERROR, INFO, VERBOSE, DEBUG, DEBUG1, DEBUG2 and DEBUG3. The default is INFO. DEBUG and DEBUG1 are equivalent. DEBUG2 and DEBUG3 each specify higher levels of debugging output.


[root@server ~]# vim /etc/ssh/sshd_config ( Change below Line )

#LogLevel INFO

to 

LogLevel DEBUG


[root@server ~]# systemctl  restart sshd

[root@Client ~]# ssh raju@192.168.122.228

raju@192.168.122.228's password: 

Last login: Thu Sep 22 10:05:53 2022 from 192.168.122.71

[raju@server ~]$ sudo su - 

[raju@server ~]# tail -f /var/log/secure

Sep 22 10:20:47 server sshd[1267]: debug1: Forked child 1298.

Sep 22 10:20:47 server sshd[1298]: debug1: Set /proc/self/oom_score_adj to 0

Sep 22 10:20:47 server sshd[1298]: debug1: rexec start in 5 out 5 newsock 5 pipe 7 sock 8

Sep 22 10:20:47 server sshd[1298]: debug1: inetd sockets after dupping: 3, 3

Sep 22 10:20:47 server sshd[1298]: Connection from 192.168.122.71 port 52040 on 192.168.122.228 port 2022

Sep 22 10:20:47 server sshd[1298]: debug1: Client protocol version 2.0; client software version OpenSSH_7.4

Sep 22 10:20:47 server sshd[1298]: debug1: match: OpenSSH_7.4 pat OpenSSH* compat 0x04000000

Sep 22 10:20:47 server sshd[1298]: debug1: Local version string SSH-2.0-OpenSSH_7.4

Sep 22 10:20:47 server sshd[1298]: debug1: Enabling compatibility mode for protocol 2.0

Sep 22 10:20:47 server sshd[1298]: debug1: SELinux support disabled [preauth]

Sep 22 10:20:47 server sshd[1298]: debug1: permanently_set_uid: 74/74 [preauth]


3. How to disable root Login.

[root@server ~]# vim /etc/ssh/sshd_config ( Change below Line )

#PermitRootLogin yes

to

PermitRootLogin no


[root@server ~]# systemctl  restart sshd

[root@Client ~]# ssh root@192.168.122.228

root@192.168.122.228's password: 

Permission denied, please try again.


4. How to Enable X11 Forwarding in ssh.

[root@server ~]# yum install -y xorg-x11-server-Xorg xorg-x11-xauth xorg-x11-apps

[root@server ~]# vim /etc/ssh/sshd_config ( Change below Line )

#X11Forwarding no

#X11DisplayOffset 10

#X11UseLocalhost yes

to 

X11Forwarding yes

X11DisplayOffset 10

X11UseLocalhost yes


[root@server ~]# systemctl  restart sshd

[root@Client ~]# ssh raju@192.168.122.228 -X

raju@192.168.122.228's password: 

Last login: Thu Sep 22 10:35:23 2022 from 192.168.122.71

/usr/bin/xauth:  file /home/raju/.Xauthority does not exist

[raju@server ~]$ xclock 

Warning: locale not supported by Xlib, locale set to C


5. How to Enable strong Ciphers in SSH.

[root@server ~]# vim /etc/ssh/sshd_config ( add below Line )

For RHEL/CentOS 6.x:

Ciphers aes128-ctr,aes192-ctr,aes256-ctr

For RHEL/CentOS 7.x:

Ciphers chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com

For RHEL/CentOS 8.x:

Ciphers aes128-ctr,aes192-ctr,aes256-ctr,chacha20-poly1305@openssh.com,aes128-gcm@openssh.com,aes256-gcm@openssh.com

[root@server ~]# systemctl  restart sshd


6. How to Enable strong MAC algorithms in SSH.

[root@server ~]# vim /etc/ssh/sshd_config ( add below Line )

For RHEL/CentOS 6.x:

MACs hmac-sha1,umac-64@openssh.com,hmac-ripemd160,hmac-sha2-256,hmac-sha2-512,hmac-ripemd160@openssh.com

For RHEL/CentOS 7.x:

MACs hmac-sha1,umac-64@openssh.com,hmac-ripemd160,hmac-sha2-256,hmac-sha2-512,hmac-ripemd160@openssh.com

For RHEL/CentOS 8.x:

MACs hmac-sha2-256,hmac-sha2-512

[root@server ~]# systemctl  restart sshd


7. How to Enable strong Key Exchange algorithms in SSH.

[root@server ~]# vim /etc/ssh/sshd_config ( add below Line )

For RHEL/CentOS 6.x:

KexAlgorithms diffie-hellman-group-exchange-sha256

For RHEL/CentOS 7.x:

KexAlgorithms curve25519-sha256@libssh.org,ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,diffie-hellman-group-exchange-sha256

For RHEL/CentOS 8.x:

KexAlgorithms diffie-hellman-group-exchange-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256

[root@server ~]# systemctl  restart sshd
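
The check below is an added example, not part of the original post: it compares the Ciphers, MACs and KexAlgorithms a server reports against the RHEL 8 lists given in sections 5 to 7 and prints anything outside them. The function name audit_sshd and the sample input are assumptions made for illustration.

```bash
#!/usr/bin/env bash
# Added example: flag sshd algorithms outside the RHEL 8 lists from sections 5-7.
# Allowed sets are copied from this page with duplicate entries removed.
ALLOWED_CIPHERS="aes128-ctr,aes192-ctr,aes256-ctr,chacha20-poly1305@openssh.com,aes128-gcm@openssh.com,aes256-gcm@openssh.com"
ALLOWED_MACS="hmac-sha2-256,hmac-sha2-512"
ALLOWED_KEX="diffie-hellman-group-exchange-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256"

# audit_sshd (hypothetical helper): reads "keyword value" lines on stdin, either
# `sshd -T` output or sshd_config itself, and prints one finding per line.
# Returns 0 when nothing is flagged, 1 otherwise.
audit_sshd() {
  awk -v c="$ALLOWED_CIPHERS" -v m="$ALLOWED_MACS" -v k="$ALLOWED_KEX" '
    function load(key, list,    n, i, parts) {
      n = split(list, parts, ",")
      for (i = 1; i <= n; i++) ok[key, parts[i]] = 1
      want[key] = 1
    }
    BEGIN { load("ciphers", c); load("macs", m); load("kexalgorithms", k) }
    {
      key = tolower($1)                 # keywords are case-insensitive
      if (!(key in want)) next          # also skips "#Ciphers ..." comments
      seen[key] = 1
      if (NF > 2) {                     # extra words after the list are a config error
        print key ": MALFORMED (whitespace or trailing text after the list)"
        bad++; next
      }
      n = split($2, algs, ",")
      for (i = 1; i <= n; i++)
        if (algs[i] != "" && !((key, algs[i]) in ok)) { print key ": " algs[i]; bad++ }
    }
    END {
      for (key in want) if (!(key in seen)) { print key ": NOT SET"; bad++ }
      exit (bad ? 1 : 0)
    }'
}

# Constructed sample in `sshd -T` format (not captured from a real host).
SAMPLE='port 2022
ciphers aes128-ctr,aes256-ctr,3des-cbc
macs hmac-sha2-256,hmac-sha1
kexalgorithms curve25519-sha256@libssh.org,diffie-hellman-group1-sha1'
printf '%s\n' "$SAMPLE" | audit_sshd || echo "review the findings above"
```

On the server, run `sshd -T | audit_sshd` as root to audit the configuration sshd actually parses; `sshd -t` checks the file for syntax errors before a restart.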


8. How to Add Banner in ssh.

[root@server ~]# vim /etc/ssh/sshd_config ( Change below Line )

#Banner none

to

Banner /etc/issue


[root@server ~]# vim  /etc/issue

Authorized uses only. All activity may be monitored and reported

[root@server ~]# systemctl  restart sshd


[root@Client ~]# ssh raju@192.168.122.228

Authorized uses only. All activity may be monitored and reported

raju@192.168.122.228's password: 


