리눅스 서버 셋팅

가상머신에 우분투를 설치하고, 

명령어 "sudo apt-get install openssh-server" 를 입력한 다음 설치가 이루어지고 난 뒤

다시 본래의 Windows10에서 Xshell5를 통하여 설치한 우분투의 ssh로 접근을 하였다.

정상적으로 잘 접근이 되는 것을 확인 하였고, 부가적으로 필요한 셋팅에 대해 잊어먹지 않기 위해

메모해둔다.

[vi 편집기]

-----------------------------

1. vi /etc/network/interfaces

    # This file describes the network interfaces available on your system

    # and how to activate them. For more information, see interfaces(5).

    # The loopback network interface

    auto lo

    iface lo inet loopback

     # menual

    auto eth0

    iface eth0 inet static

    address 172.xx.xxx.x

    netmask 255.255.255.0

    network 172.xx.xxx.x

    gateway 172.xx.xxx.x

    dns-nameservers 168.126.63.1 168.126.63.2

2. vi /etc/ssh/sshd_config

    # Package generated configuration file

    # See the sshd_config(5) manpage for details

    # What ports, IPs and protocols we listen for

    Port 22

    # Use these options to restrict which interfaces/protocols sshd will bind to

    #ListenAddress ::

    #ListenAddress 0.0.0.0

    Protocol 2

    # HostKeys for protocol version 2

    HostKey /etc/ssh/ssh_host_rsa_key

    HostKey /etc/ssh/ssh_host_dsa_key

    HostKey /etc/ssh/ssh_host_ecdsa_key

    HostKey /etc/ssh/ssh_host_ed25519_key

    #Privilege Separation is turned on for security

    UsePrivilegeSeparation yes

    # Lifetime and size of ephemeral version 1 server key

    KeyRegenerationInterval 3600

    ServerKeyBits 1024

    # Logging

    SyslogFacility AUTH

    LogLevel INFO

    # Authentication:

    LoginGraceTime 120

    PermitRootLogin without-password

    StrictModes yes

    RSAAuthentication yes

    PubkeyAuthentication yes

    #AuthorizedKeysFile     %h/.ssh/authorized_keys

    # Don't read the user's ~/.rhosts and ~/.shosts files

    IgnoreRhosts yes

    # For this to work you will also need host keys in /etc/ssh_known_hosts

    RhostsRSAAuthentication no

    # similar for protocol version 2

    HostbasedAuthentication no

    # Uncomment if you don't trust ~/.ssh/known_hosts for RhostsRSAAuthentication

    #IgnoreUserKnownHosts yes

    # To enable empty passwords, change to yes (NOT RECOMMENDED)

    PermitEmptyPasswords no

    # Change to yes to enable challenge-response passwords (beware issues with

    # some PAM modules and threads)

    ChallengeResponseAuthentication no

    # Change to no to disable tunnelled clear text passwords

    #PasswordAuthentication yes

    # Kerberos options

    #KerberosAuthentication no

    #KerberosGetAFSToken no

    #KerberosOrLocalPasswd yes

    #KerberosTicketCleanup yes

    # GSSAPI options

    #GSSAPIAuthentication no

    #GSSAPICleanupCredentials yes

    RhostsRSAAuthentication no

    # similar for protocol version 2

    HostbasedAuthentication no

    # Uncomment if you don't trust ~/.ssh/known_hosts for RhostsRSAAuthentication

    #IgnoreUserKnownHosts yes

    # To enable empty passwords, change to yes (NOT RECOMMENDED)

    PermitEmptyPasswords no

    # Change to yes to enable challenge-response passwords (beware issues with

    # some PAM modules and threads)

    ChallengeResponseAuthentication no

    # Change to no to disable tunnelled clear text passwords

    #PasswordAuthentication yes

    # Kerberos options

    #KerberosAuthentication no

    #KerberosGetAFSToken no

    #KerberosOrLocalPasswd yes

    #KerberosTicketCleanup yes

    # GSSAPI options

    #GSSAPIAuthentication no

    #GSSAPICleanupCredentials yes

    X11Forwarding yes

    X11DisplayOffset 10

    PrintMotd no

    PrintLastLog yes

    TCPKeepAlive yes

    #UseLogin no

    #MaxStartups 10:30:60

    #Banner /etc/issue.net

    # Allow client to pass locale environment variables

    AcceptEnv LANG LC_*

    Subsystem sftp /usr/lib/openssh/sftp-server

    # Set this to 'yes' to enable PAM authentication, account processing,

    # and session processing. If this is enabled, PAM authentication will

    # be allowed through the ChallengeResponseAuthentication and

    # PasswordAuthentication.  Depending on your PAM configuration,

    # PAM authentication via ChallengeResponseAuthentication may bypass

    # the setting of "PermitRootLogin without-password".

    # If you just want the PAM account and session checks to run without

    # PAM authentication, then enable this but set PasswordAuthentication

    # and ChallengeResponseAuthentication to 'no'.

    UsePAM yes

    UseDns no