author | Silvino Silva <silvino@bk.ru> | 2016-10-15 01:31:34 +0100 |
---|---|---|
committer | Silvino Silva <silvino@bk.ru> | 2016-10-15 01:57:43 +0100 |
commit | 3d29ecb8767d923f79b82566fd57b08db76b8fc5 (patch) | |
tree | ac92517562ecf2025320b3487c76e2ed02eed6ee /tools/openssh.html | |
parent | da52c4b286dc1d3def59f20dbe25f033793c92cc (diff) | |
download | doc-3d29ecb8767d923f79b82566fd57b08db76b8fc5.tar.gz |
tools revision
Diffstat (limited to 'tools/openssh.html')
-rw-r--r-- | tools/openssh.html | 36 |
1 files changed, 22 insertions, 14 deletions
diff --git a/tools/openssh.html b/tools/openssh.html index 3fe72e3..d0a549c 100644 --- a/tools/openssh.html +++ b/tools/openssh.html @@ -2,11 +2,11 @@ <html dir="ltr" lang="en"> <head> <meta charset='utf-8'> - <title>1. OpenSSH</title> + <title>OpenSSH</title> </head> <body> <a href="index.html">Tools Index</a> - <h1>1. OpenSSH</h1> + <h1>OpenSSH</h1> <p>OpenBSD Secure Shell, is a suite of security-related network-level utilities based on the SSH protocol, @@ -14,7 +14,7 @@ encryption of network traffic over multiple authentication methods and by providing secure tunneling capabilities.</p> - <h2 id="sshd">1.1. Server</h2> + <h2 id="sshd">1. Server</h2> <p>Crux openssh port install this files to etc;</p> @@ -45,7 +45,7 @@ $ man sshd </pre> - <h3 id="sshdconf">1.1.1. Configure Server</h3> + <h3 id="sshdconf">1.1. Configure Server</h3> <p>Read OpenSSH server <a href="http://www.cyberciti.biz/tips/linux-unix-bsd-openssh-server-best-practices.html">Best Security Practices</a>, @@ -68,7 +68,12 @@ #ListenAddress :: </pre> - <p>Authentication settings;</p> + <pre> + # The default requires explicit activation of protocol 1 + Protocol 2 + </pre> + + <p>Authentication settings;</p> <pre> # Authentication: @@ -114,9 +119,10 @@ Banner /etc/issue </pre> + <h3 id="iptables">1.2. Configure iptables</h3> <p>Iptables;</p> - <p>Example of <a href="../src/bash/iptables/iptables.sh">iptable script</a></p> + <p>Example of <a href="scripts/system-iptables.sh">system-iptables.sh</a></p> <pre> $IPT -A INPUT -i ${PUB_IF} -p tcp --dport 2222 --sport 1024:65535 -m state --state ESTABLISHED -j ACCEPT @@ -124,6 +130,8 @@ $IPT -A OUTPUT -o ${PUB_IF} -p tcp --sport 2222 --dport 1024:65535 -m state --state ESTABLISHED -j ACCEPT </pre> + <h3 id="syslogng">1.3. Configure Syslog-ng</h3> + <p>Change SyslogFacility in accordance with <a href="syslog-ng.html#syslog-conf">syslog-ng configuration;</a></p> <pre> 
@@ -154,7 +162,7 @@ # ss -f inet -l -p | grep ssh </pre> - <h2 id="ssh">1.2. Client</h2> + <h2 id="ssh">2. Client</h2> <p>To create new key;</p> @@ -186,7 +194,7 @@ $ chmod 600 ~/.ssh/gitolite </pre> - <h3 id="sshpubkey">1.2.1. Install Public Keys</h3> + <h3 id="sshpubkey">2.1. Install Public Keys</h3> <p>Send gitolite.pub public key to server. In this example bob (administrator of gitolite) is on same host, @@ -215,7 +223,7 @@ $ ssh -P 2222 bob@remote.org </pre> - <h3 id="sshid">1.2.2. Configure Identities</h3> + <h3 id="sshid">2.2. Configure Identities</h3> <p>When you have multiple accounts/identities you can configure ssh client so you dont need to give @@ -270,7 +278,7 @@ <p>Logout just detach from session with ctrl + b d </p> - <h2 id="reverse">1.3. Reverse connection</h2> + <h2 id="reverse">3. Reverse connection</h2> <p>This information is inspired by <a href="http://www.vdomck.org/2005/11/reversing-ssh-connection.html">Reverse SSH connections</a> @@ -295,10 +303,10 @@ <a href="index.html">Tools Index</a> <p>This is part of the c9-doc Manual. -Copyright (C) 2016 -c9 team. -See the file <a href="fdl-1.3-standalone.html">Gnu Free Documentation License</a> -for copying conditions.</p> + Copyright (C) 2016 + c9 team. + See the file <a href="fdl-1.3-standalone.html">Gnu Free Documentation License</a> + for copying conditions.</p> </body> |
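Review bot: In the `@@ -68,7 +68,12 @@` hunk the new `<pre>` block carrying `Protocol 2` has no introducing paragraph, while the block that follows it keeps its `<p>Authentication settings;</p>` lead. Add a matching `<p>` line before the new block so the page stays consistent. The same hunk also removes and re-adds `<p>Authentication settings;</p>` with only its leading whitespace changed; restore the original indentation so the diff shows just the added block.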
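Review bot: In the `@@ -114,9 +119,10 @@` hunk the existing `<p>Iptables;</p>` line is left directly under the new `<h3 id="iptables">1.2. Configure iptables</h3>` heading, where it now only repeats the heading. Drop that paragraph, or replace it with a sentence saying what the rules do (they match TCP port 2222 on `${PUB_IF}`).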
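Review bot: The context line `$ ssh -P 2222 bob@remote.org` at the top of the `@@ -215,7 +223,7 @@` hunk uses an uppercase `-P`, but the port option of `ssh` is lowercase `-p`; uppercase `-P` is the port option of `scp` and `sftp`. Since this revision already touches the section, change the example to `$ ssh -p 2222 bob@remote.org` so it matches the port 2222 used in the iptables rules.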
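Review bot: The `@@ -295,10 +303,10 @@` hunk rewrites the four copyright lines with no change other than indentation, which adds noise to a commit that is otherwise about renumbering headings and adding sections. Leave those lines out of this change or move the re-indentation to its own commit. If the footer is edited anyway, "Gnu Free Documentation License" should read "GNU Free Documentation License".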