
리눅스 서버 셋팅

by soulduse 2016. 2. 15.

가상머신에 우분투를 설치하고, 

명령어 "sudo apt-get install openssh-server" 를 입력한 다음 설치가 이루어지고 난 뒤

다시 본래의 Windows10에서 Xshell5를 통하여 설치한 우분투의 ssh로 접근을 하였다.


정상적으로 접속되는 것을 확인하였고, 추가로 필요한 설정을 잊지 않기 위해

메모해 둔다.


[vi 편집기]

-----------------------------

1. vi /etc/network/interfaces

    # This file describes the network interfaces available on your system

    # and how to activate them. For more information, see interfaces(5).


    # The loopback network interface

    auto lo

    iface lo inet loopback

    # manual (static) IPv4 configuration for eth0, brought up at boot by "auto".
    # The 172.xx.xxx.x values below appear to be masked by the author; replace
    # them with the real host, network and gateway addresses.

    auto eth0

    iface eth0 inet static

    address 172.xx.xxx.x

    netmask 255.255.255.0

    # network address of the subnet, not the host address
    network 172.xx.xxx.x

    gateway 172.xx.xxx.x


    # DNS resolvers for this interface
    # NOTE(review): presumably applied through resolvconf - confirm it is installed
    dns-nameservers 168.126.63.1 168.126.63.2


2. vi /etc/ssh/sshd_config

    # Package generated configuration file

    # See the sshd_config(5) manpage for details


    # What ports, IPs and protocols we listen for

    Port 22

    # Use these options to restrict which interfaces/protocols sshd will bind to

    #ListenAddress ::

    #ListenAddress 0.0.0.0

    Protocol 2

    # HostKeys for protocol version 2

    HostKey /etc/ssh/ssh_host_rsa_key

    HostKey /etc/ssh/ssh_host_dsa_key

    HostKey /etc/ssh/ssh_host_ecdsa_key

    HostKey /etc/ssh/ssh_host_ed25519_key

    #Privilege Separation is turned on for security

    UsePrivilegeSeparation yes


    # Lifetime and size of ephemeral version 1 server key

    KeyRegenerationInterval 3600

    ServerKeyBits 1024


    # Logging

    SyslogFacility AUTH

    LogLevel INFO


    # Authentication:

    LoginGraceTime 120

    PermitRootLogin without-password

    StrictModes yes


    RSAAuthentication yes

    PubkeyAuthentication yes

    #AuthorizedKeysFile     %h/.ssh/authorized_keys


    # Don't read the user's ~/.rhosts and ~/.shosts files

    IgnoreRhosts yes

    # For this to work you will also need host keys in /etc/ssh_known_hosts

    RhostsRSAAuthentication no

    # similar for protocol version 2

    HostbasedAuthentication no

    # Uncomment if you don't trust ~/.ssh/known_hosts for RhostsRSAAuthentication

    #IgnoreUserKnownHosts yes


    # To enable empty passwords, change to yes (NOT RECOMMENDED)

    PermitEmptyPasswords no


    # Change to yes to enable challenge-response passwords (beware issues with

    # some PAM modules and threads)

    ChallengeResponseAuthentication no


    # Change to no to disable tunnelled clear text passwords

    #PasswordAuthentication yes


    # Kerberos options

    #KerberosAuthentication no

    #KerberosGetAFSToken no

    #KerberosOrLocalPasswd yes

    #KerberosTicketCleanup yes


    # GSSAPI options

    #GSSAPIAuthentication no

    #GSSAPICleanupCredentials yes

    RhostsRSAAuthentication no

    # similar for protocol version 2

    HostbasedAuthentication no

    # Uncomment if you don't trust ~/.ssh/known_hosts for RhostsRSAAuthentication

    #IgnoreUserKnownHosts yes


    # To enable empty passwords, change to yes (NOT RECOMMENDED)

    PermitEmptyPasswords no


    # Change to yes to enable challenge-response passwords (beware issues with

    # some PAM modules and threads)

    ChallengeResponseAuthentication no


    # Change to no to disable tunnelled clear text passwords

    #PasswordAuthentication yes


    # Kerberos options

    #KerberosAuthentication no

    #KerberosGetAFSToken no

    #KerberosOrLocalPasswd yes

    #KerberosTicketCleanup yes


    # GSSAPI options

    #GSSAPIAuthentication no

    #GSSAPICleanupCredentials yes


    X11Forwarding yes

    X11DisplayOffset 10

    PrintMotd no

    PrintLastLog yes

    TCPKeepAlive yes

    #UseLogin no


    #MaxStartups 10:30:60

    #Banner /etc/issue.net


    # Allow client to pass locale environment variables

    AcceptEnv LANG LC_*


    Subsystem sftp /usr/lib/openssh/sftp-server


    # Set this to 'yes' to enable PAM authentication, account processing,

    # and session processing. If this is enabled, PAM authentication will

    # be allowed through the ChallengeResponseAuthentication and

    # PasswordAuthentication.  Depending on your PAM configuration,

    # PAM authentication via ChallengeResponseAuthentication may bypass

    # the setting of "PermitRootLogin without-password".

    # If you just want the PAM account and session checks to run without

    # PAM authentication, then enable this but set PasswordAuthentication

    # and ChallengeResponseAuthentication to 'no'.

    UsePAM yes

    UseDns no



