Ubuntu/openssh
Revision as of 16:35, 10 January 2017
Most versions of Linux come with sshd installed; however, it is not configured as a server. The easiest way to set one up is to use apt-get to install openssh-server:
sudo apt-get install openssh-server
Back up the default sshd_config to your home directory:
sudo cp /etc/ssh/sshd_config ~
Edit sshd_config to increase security:
- disable root login
PermitRootLogin no
- only allow specific users
AllowUsers john
Restart sshd:
sudo restart ssh
Check that the service is running and listening on port 22:
sudo egrep -i sshd /var/log/*log|more
or
sudo netstat -lp
sftp
After sshd is installed, edit sshd_config:
Subsystem sftp /usr/lib/openssh/sftp-server
#Subsystem sftp internal-sftp -f AUTH -l VERBOSE
#Uncomment this line if already commented
UsePAM yes
AllowGroups john sftpusers
Match Group sftpusers
    ChrootDirectory %h
    AllowTCPForwarding no
    X11Forwarding no
    ForceCommand internal-sftp
Match
In the case above, I already had a group that the user was part of. Below you'll find instructions on what to do if that does not exist already.
sudo groupadd sftpusers
sudo adduser sftpuser
sudo usermod -a -G sftpusers sftpuser
sudo passwd sftpuser
sudo chown root:sftpuser /home/sftpuser
sudo chmod 750 /home/sftpuser
sudo mkdir /home/sftpuser/public
sudo chown sftpuser:sftpuser /home/sftpuser/public
sudo chmod 777 /home/sftpuser/public
fixing quick time-out
~$ sudo vi /etc/ssh/sshd_config
uncomment or add:
ClientAliveInterval 30
ClientAliveCountMax 5
~$ sudo service sshd restart
ClientAliveInterval: the number of seconds that the server will wait before sending a null packet to the client (to keep the connection alive).
ClientAliveCountMax: the limit on how long a client is allowed to stay unresponsive before being disconnected. The default value is 3.
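The following script is an added example, not part of the original wiki page or of OpenSSH: it reads the global section of an sshd_config file and checks the settings made above (PermitRootLogin, AllowUsers/AllowGroups, and the time after which an unresponsive client is dropped, which is ClientAliveInterval multiplied by ClientAliveCountMax). The function names and the sample file are constructed for illustration, and the parser assumes whitespace-separated "Keyword value" lines.

```shell
#!/bin/sh
# Added example: sshd_get, sshd_idle_timeout and sshd_audit are hypothetical
# helper names, not OpenSSH commands.

# Print the first global value of keyword $2 in file $1. sshd uses the first
# value it reads, keywords are case-insensitive, and the global section ends
# at the first Match line.
sshd_get() {
    awk -v key="$2" '
        /^[ \t]*#/ || /^[ \t]*$/ { next }        # comments and blank lines
        { k = tolower($1) }
        k == "match" { exit }
        k == tolower(key) { $1 = ""; sub(/^[ \t]+/, ""); print; exit }
    ' "$1"
}

# Seconds an unresponsive client survives: interval * count (0 = probes off).
sshd_idle_timeout() {
    interval=$(sshd_get "$1" ClientAliveInterval)
    count=$(sshd_get "$1" ClientAliveCountMax)
    echo $(( ${interval:-0} * ${count:-3} ))     # sshd defaults: 0 and 3
}

# Report deviations from the settings on this page; returns 1 if any found.
sshd_audit() {
    rc=0
    root=$(sshd_get "$1" PermitRootLogin | tr 'A-Z' 'a-z')
    if [ "$root" != "no" ]; then
        echo "WARN PermitRootLogin is '${root:-unset}', expected 'no'"; rc=1
    fi
    if [ -z "$(sshd_get "$1" AllowUsers)$(sshd_get "$1" AllowGroups)" ]; then
        echo "WARN no AllowUsers or AllowGroups in the global section"; rc=1
    fi
    echo "INFO unresponsive clients dropped after $(sshd_idle_timeout "$1")s"
    return $rc
}

# Constructed sample mirroring this page's settings (not a real server's file).
sample=$(mktemp)
trap 'rm -f "$sample"' EXIT
cat > "$sample" <<'EOF'
# PermitRootLogin yes
permitrootlogin no
AllowUsers john
ClientAliveInterval 30
ClientAliveCountMax 5
Match Group sftpusers
    ClientAliveInterval 999
EOF
sshd_audit "$sample" || true
```

On a live host, `sudo sshd -t` checks the file for syntax errors before a restart, and `sudo sshd -T` prints the effective configuration as sshd itself resolves it.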