Ubuntu/openssh

From r00tedvw.com wiki
Revision as of 19:56, 23 April 2014 by R00t (Talk | contribs)

Jump to: navigation, search

Most versions of linux come with sshd installed, however it is not configured as a server. The easiest way is to use apt-get to install openssh-server

sudo apt-get install openssh-server

backup the default sshd_config to your home directory

sudo cp /etc/ssh/sshd_config ~

edit the sshd_config to increase security

disable root login
PermitRootLogin no
only allow specific users
AllowUsers john

restart sshd

sudo restart ssh

check to see if the service is running and listening on port 22

sudo egrep -i sshd /var/log/*log|more

or

sudo netstat -lp

sftp

after sshd is installed: edit sshd_config:

Subsystem sftp /usr/lib/openssh/sftp-server 
#Subsystem sftp internal-sftp -f AUTH -1 VERBOSE

#Uncomment this line if already commented
UsePAM yes
AllowGroups john sftpusers
Match Group sftpusers
   ChrootDirectory %h
   AllowTCPForwarding no
   X11Forwarding no
   ForceCommand internal-sftp
Match

In the case above, I already had a group that the user was part of. Below you'll find instructions on what to do if that does not exist already

>sudo groupadd sftpusers
>sudo adduser sftpuser
>sudo usermod -a -G sftpusers sftpuser
>sudo passwd sftpuser 
>sudo chown root:sftpuser /home/sftpuser
>sudo chmod 750 /home/sftpuser
>sudo mkdir /home/sftpuser/public
>sudo chown sftpuser:sftpuser /home/sftpuser/public
>sudo chmod 777 /home/sftpuser/public
Personal tools
Namespaces

Variants
Actions
Navigation
Mediawiki
Confluence
DevOps Tools
Open Source Products
Ubuntu
Ubuntu 22
Mac OSX
Oracle Linux
AWS
Windows
OpenVPN
Grafana
InfluxDB2
TrueNas
MagicMirror
OwnCloud
Pivotal
osTicket
OTRS
phpBB
WordPress
VmWare ESXI 5.1
Crypto currencies
HTML
CSS
Python
Java Script
PHP
Raspberry Pi
Canvas LMS
Kaltura Media Server
Plex Media Server
MetaSploit
Zoneminder
ShinobiCE
Photoshop CS2
Fortinet
Uploaded
Certifications
General Info
Games
Meal Plans
NC Statutes
2020 Election
Volkswagen
Covid
NCDMV
Toolbox