Differences
This shows you the differences between two versions of the page.
linux_wiki:network_services_overview_ssh [2016/10/06 21:23] billdozor [Use SELinux port labeling to allow services to use non-standard ports] |
linux_wiki:network_services_overview_ssh [2019/05/25 23:50] (current) |
Line 12: | Line 12: | ||
* Configure the service for basic operation | * Configure the service for basic operation | ||
* Configure host-based and user-based security for the service | * Configure host-based and user-based security for the service | ||
+ | |||
+ | ---- | ||
+ | |||
+ | ====== Lab Setup ====== | ||
+ | |||
+ | The following virtual machines will be used: | ||
+ | * server1.example.com (192.168.1.150) -> The SSH client | ||
+ | * server2.example.com (192.168.1.151) -> The SSH server | ||
---- | ---- | ||
Line 72: | Line 80: | ||
From a client system | From a client system | ||
<code bash> | <code bash> | ||
- | ssh server1 -p 2022 | + | ssh user@server1 -p 2022 |
</ | </ | ||
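Review bot: the revised command `ssh user@server1 -p 2022` still targets server1, but the Lab Setup added in this same revision names server1.example.com as the SSH client and server2.example.com (192.168.1.151) as the SSH server, so a command run "from a client system" should read `ssh user@server2 -p 2022`. Adding the explicit user is a good change and port 2022 matches the non-standard-port setup this page describes; only the hostname needs correcting.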
Line 115: | Line 123: | ||
===== Host Based ===== | ===== Host Based ===== | ||
- | All are allowed | + | There are two methods to control access based on host: |
+ | * Firewall rich rule | ||
+ | * TCP Wrappers (hosts.allow, | ||
+ | |||
+ | \\ | ||
+ | ==== Host Based: Firewall ==== | ||
+ | |||
+ | Create a rich rule< | ||
+ | firewall-cmd --reload | ||
+ | </ | ||
+ | * Rejects ssh traffic from the source address 192.168.1.152 and logs the rejection. | ||
+ | |||
+ | \\ | ||
+ | ==== Host Based: TCP Wrappers ==== | ||
+ | |||
+ | The first match of the following actions is taken | ||
+ | * Matching entry in hosts.allow -> Host is allowed | ||
+ | * Matching entry in hosts.deny -> Host is denied | ||
+ | * No match of either -> Host is allowed | ||
\\ | \\ | ||
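Review bot: the Host Based: Firewall code block contains only `firewall-cmd --reload`; the rich rule that the bullet beneath it describes (reject and log SSH traffic from 192.168.1.152) is not shown, so a reader has nothing to reload. Add the rule as a permanent rule before the reload, for example `firewall-cmd --permanent --add-rich-rule='rule family="ipv4" source address="192.168.1.152" service name="ssh" log prefix="ssh-reject " level="info" reject'`. The TCP Wrappers precedence list (hosts.allow match allows, hosts.deny match denies, no match allows) is correct, but it only applies where sshd is built with libwrap, which newer distributions have dropped, so the firewall rule is the method to rely on.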
Line 135: | Line 161: | ||
===== User Based ===== | ===== User Based ===== | ||
- | SSHD Main Config | + | SSHD Main Config |
<code bash> | <code bash> | ||
vim / | vim / | ||
- | AllowUsers yoda,luke,han | + | AllowUsers yoda luke han |
- | DenyUsers vader,stormtrooper | + | DenyUsers vader stormtrooper |
</ | </ | ||
---- | ---- | ||
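Review bot: with `AllowUsers yoda luke han` present, sshd already denies every user not listed, and DenyUsers is evaluated before AllowUsers regardless of the order of the lines in the file, so `DenyUsers vader stormtrooper` is redundant here; either drop it or state that it is kept to document the denial explicitly. The change from comma-separated to space-separated lists is correct, since sshd_config takes space-separated patterns for these directives, and the block should also show reloading the daemon (`systemctl reload sshd`) so the new configuration takes effect.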