Configure OpenSSH to use TCP-Wrappers inetd super server
TCP-Wrappers should be enabled to start and stop our OpenSSH server. Upon execution, inetd reads its configuration information from a configuration file which, by default, is “/etc/inetd.conf”.
There must be an entry for each field of the configuration file, with entries for each field separated by a tab or a space.
Step 1
Edit the inetd.conf file (vi /etc/inetd.conf) and add the line:
ssh stream tcp nowait root /usr/sbin/tcpd sshd -i
NOTE: The “-i” parameter is important since it specifies that sshd is being run from inetd. Also, update your “inetd.conf” file by sending a SIGHUP signal (killall -HUP inetd) after adding the above line to the file.
• To update your “inetd.conf” file, use the following command:
[root@deep /]# killall -HUP inetd
Step 2
Edit the hosts.allow file (vi /etc/hosts.allow) and add the line:
sshd: 192.168.1.4 win.openna.com
This means the client IP “192.168.1.4” with host name “win.openna.com” is allowed to ssh in to the server.
These “daemon” strings (for tcp-wrappers) are in use by sshd:
sshdfwd-X11 (if you want to allow/deny X11-forwarding).
sshdfwd-
sshdfwd-
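The following check is an added example, not part of the original text: a shell lint for copies of the two files edited in Steps 1 and 2. The function names and the hosts.deny check are assumptions of this example; the latter reflects that tcp-wrappers admits a client that matches no rule in either file, so the hosts.allow line only restricts access when hosts.deny also covers sshd.

```shell
#!/bin/sh
# Added example: lint copies of the two files edited in Steps 1 and 2.

# check_inetd_ssh FILE: returns 0 if the ssh entry has the form shown in Step 1.
check_inetd_ssh() {
    awk '
        /^[ \t]*#/ || NF == 0 { next }          # skip comments and blank lines
        $1 != "ssh"           { next }          # only the ssh service entry
        { found = 1 }
        NF < 7              { print "ssh: need at least 7 fields, got " NF; bad = 1 }
        $2 != "stream"      { print "ssh: socket type is not stream"; bad = 1 }
        $3 != "tcp"         { print "ssh: protocol is not tcp: " $3; bad = 1 }
        $4 != "nowait"      { print "ssh: wait flag is not nowait"; bad = 1 }
        $6 !~ /\/tcpd$/     { print "ssh: server program is not tcpd"; bad = 1 }
        $7 !~ /(^|\/)sshd$/ { print "ssh: tcpd is not starting sshd"; bad = 1 }
        {
            inetd_mode = 0
            for (i = 8; i <= NF; i++) if ($i == "-i") inetd_mode = 1
            if (!inetd_mode) { print "ssh: sshd is started without -i"; bad = 1 }
        }
        END {
            if (!found) { print "no ssh entry found"; exit 1 }
            exit bad + 0
        }
    ' "$1"
}

# wrappers_restrict_sshd ALLOW DENY: returns 0 only if ALLOW names sshd and DENY
# has a rule for sshd or ALL. Simplified: one daemon per rule, client lists unchecked.
wrappers_restrict_sshd() {
    grep -Eq '^[[:space:]]*sshd[[:space:]]*:' "$1" ||
        { echo "no sshd rule in $1"; return 1; }
    grep -Eq '^[[:space:]]*(sshd|ALL)[[:space:]]*:' "$2" 2>/dev/null ||
        { echo "no deny rule for sshd in $2: clients not listed in $1 are still admitted"; return 1; }
}

# Constructed sample input (not from a real host): -i is missing, hosts.deny is empty.
tmp=$(mktemp -d)
printf 'ssh\tstream\ttcp\tnowait\troot\t/usr/sbin/tcpd\tsshd\n' > "$tmp/inetd.conf"
printf 'sshd: 192.168.1.4 win.openna.com\n' > "$tmp/hosts.allow"
: > "$tmp/hosts.deny"
check_inetd_ssh "$tmp/inetd.conf" || echo "inetd.conf: FAIL"
wrappers_restrict_sshd "$tmp/hosts.allow" "$tmp/hosts.deny" || echo "tcp-wrappers: FAIL"
rm -rf "$tmp"
```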
NOTE: If you do decide to switch to using ssh, make sure you install and use it on all your servers. Having ten secure servers and one insecure is a waste of time.
Further documentation
For more details, there are several man pages you can read:
$ man ssh (1) - OpenSSH secure shell client (remote login program)
$ man ssh [slogin] (1) - OpenSSH secure shell client (remote login program)
$ man ssh-add (1) - adds identities for the authentication agent
$ man ssh-agent (1) - authentication agent
$ man ssh-keygen (1) - authentication key generation
$ man sshd (8) - secure shell daemon
OpenSSH Per-User Configuration
Step 1
Create your private and public keys on the local machine by executing:
[root@deep /]# su admin
[admin@deep /]$ ssh-keygen
The result should look like the following example:
Initializing random number generator…
Generating p: ++ (distance 430)
Generating q: ++ (distance 456)
Computing the keys…
Testing the keys…