General Information
This page covers the Network Services objectives, specifically for ssh.
Network Services Objectives
The following virtual machines will be used:
Install the service: This should already be installed by default.
yum install openssh openssh-server
Configuring the ssh daemon on a non-standard port and allowing that port in SELinux.
semanage port -l | grep ssh
Change SSHDs Port
Edit sshd's config
vim /etc/ssh/sshd_config
Port 2022
Restart the service
systemctl restart sshd
SELinux: Configure Non-Standard Port
Add the new port to SELinux Ports
semanage port -a -t ssh_port_t -p tcp 2022
Open the firewall for the new port
firewall-cmd --permanent --add-port=2022/tcp
firewall-cmd --reload
Connect on Non Standard Port
From a client system
ssh user@server1 -p 2022
Check Current Service Status
systemctl status sshd
Enabling a service to start on boot
systemctl enable sshd
Enable and Start the service
systemctl enable sshd
systemctl start sshd
Allow access through the firewall
firewall-cmd --permanent --add-service=ssh
firewall-cmd --reload
There are two methods to control access based on host:
Create a rich rule
firewall-cmd --permanent --add-rich-rule='rule family="ipv4" source address="192.168.1.152" service name="ssh" log prefix="SSHD HOST DENIED: " reject'
firewall-cmd --reload
TCP wrappers act on the first matching entry: /etc/hosts.allow is checked first, then /etc/hosts.deny.
Denied Hosts
vim /etc/hosts.deny
sshd: hacker.local
Allowed Hosts
vim /etc/hosts.allow
sshd: *.example.com
SSHD Main Config (space-separated user lists; DenyUsers is evaluated before AllowUsers)
vim /etc/ssh/sshd_config
AllowUsers yoda luke han
DenyUsers vader stormtrooper
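As an added example (not part of these notes), a bash script that checks that the port in sshd_config is also labelled ssh_port_t and opened in firewalld, and evaluates AllowUsers/DenyUsers the way sshd does (DenyUsers first, then AllowUsers). The sshd_config text, the semanage output and the firewall-cmd output below are constructed samples, not captured from a host.

```bash
#!/usr/bin/env bash
# Constructed inputs modelled on the notes above (not captured from a real host):
# the sshd_config directives and the outputs of "semanage port -l | grep ssh"
# and "firewall-cmd --list-ports".
SSHD_CONF='Port 2022
AllowUsers yoda luke han
DenyUsers vader stormtrooper'
SEMANAGE_OUT='ssh_port_t                     tcp      2022, 22'
FW_PORTS_OUT='2022/tcp'

# Value of a directive (sshd keywords are case-insensitive; the first occurrence wins).
sshd_get() {  # $1=config text, $2=keyword
  printf '%s\n' "$1" |
    awk -v k="$2" 'tolower($1)==tolower(k){ $1=""; sub(/^ +/,""); print; exit }'
}

# Login decision for a plain user name, in sshd's order: DenyUsers is checked first,
# then, if AllowUsers is set at all, the user must be listed there. Wildcards and
# user@host patterns are not handled. Prints allow/deny and returns 0/1 to match.
sshd_user_access() {  # $1=config text, $2=username
  local u allow
  for u in $(sshd_get "$1" DenyUsers); do
    [ "$u" = "$2" ] && { echo deny; return 1; }
  done
  allow=$(sshd_get "$1" AllowUsers)
  if [ -n "$allow" ]; then
    for u in $allow; do [ "$u" = "$2" ] && { echo allow; return 0; }; done
    echo deny; return 1
  fi
  echo allow
}

# Is the TCP port labelled ssh_port_t? semanage prints "type proto p1, p2, ...".
port_labelled() {  # $1=semanage output, $2=port
  printf '%s\n' "$1" | awk -v p="$2" '
    $1=="ssh_port_t" && $2=="tcp" { for (i=3;i<=NF;i++) { gsub(/,/,"",$i); if ($i==p) ok=1 } }
    END { exit !ok }'
}

# Is port/tcp in the space-separated "firewall-cmd --list-ports" output?
port_opened() {  # $1=firewall-cmd output, $2=port
  printf '%s\n' "$1" | tr ' ' '\n' | grep -qx "$2/tcp"
}

if [ "${BASH_SOURCE[0]}" = "$0" ]; then
  port=$(sshd_get "$SSHD_CONF" Port)
  port_labelled "$SEMANAGE_OUT" "$port" || echo "SELinux: $port/tcp is not labelled ssh_port_t"
  port_opened "$FW_PORTS_OUT" "$port" || echo "firewalld: $port/tcp is not open"
  for u in yoda vader leia; do printf '%s: %s\n' "$u" "$(sshd_user_access "$SSHD_CONF" "$u")"; done
fi
```

Feeding the script real output (`semanage port -l | grep ssh`, `firewall-cmd --list-ports`) in place of the constructed strings gives a quick consistency check after changing Port.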