This shows you the differences between two versions of the page.
build:ssh [2007/05/31 11:28] 71.10.176.218 Fixed a typo. (CMB) |
build:ssh [2007/10/11 15:18] 4.245.77.92 |
||
---|---|---|---|
Line 8: | Line 8: | ||
apt-get install -y ssh | apt-get install -y ssh | ||
</code> | </code> | ||
- | |||
===== Configuration ===== | ===== Configuration ===== | ||
Fix it so ''root'' cannot log in: | Fix it so ''root'' cannot log in: | ||
<code rootshell> | <code rootshell> | ||
- | sed -i -e 's/^PermitRootLogin .*$/PermitRootLogin no/' /etc/ssh/sshd_config | + | sed -i -e 's/^PermitRootLogin .*$/PermitRootLogin forced-commands-only/' /etc/ssh/sshd_config |
</code> | </code> | ||
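Review bot: On the PermitRootLogin line, the new value "forced-commands-only" contradicts the sentence directly above it, "Fix it so ''root'' cannot log in". With this setting root can still log in by public key when that key carries a command= option in authorized_keys. Either keep "no", or reword the instruction to say that root is restricted to forced commands and document which keys and commands are expected. Separately, the pattern '^PermitRootLogin .*$' only matches an uncommented directive, whereas the Banner step further down matches '#Banner'. On a config where the PermitRootLogin line is commented out, the sed changes nothing and reports no error, so add a grep of /etc/ssh/sshd_config after it to confirm the value took effect.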
Line 25: | Line 24: | ||
sed -i -e 's:#Banner .*$:Banner /etc/issue.net:' /etc/ssh/sshd_config | sed -i -e 's:#Banner .*$:Banner /etc/issue.net:' /etc/ssh/sshd_config | ||
</code> | </code> | ||
+ | |||
+ | Have SSH accept connections on an alternate port for situations where port 22 is blocked at the client's end, or blocked by mistake on the server's end. Edit /etc/ssh/sshd_config to add new statement "Port 443" (without the quotes) after the existing Port statement. | ||
+ | |||
+ | Correct problem with "Request for subsystem 'sftp' failed on channel 0" when using SSH protocol version 2. Edit /etc/ssh/sshd_config to change value on sftp statement from "/usr/libexec/openssh/sftp-server" (which doesn't exist) to "/usr/lib/sftp-server". Also tell sshd to reread configuration using the kill command documented below. This was probably due to the upgrade to ssh a month or two ago on budlight and might not be needed on future uprades or installations. If "sftp -2" to the system works, then it is probably ok. | ||
===== Startup ===== | ===== Startup ===== | ||
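Review bot: The two added paragraphs describe hand edits to /etc/ssh/sshd_config, while the other steps in this section are commands inside a <code rootshell> block. Give the "Port 443" and sftp changes as commands as well, so the page stays reproducible. The Port 443 paragraph adds a second listener for sshd, so it should state that the root-login and banner settings above apply to it too, and that the port must be free on the host. The sftp paragraph is tied to one host ("budlight") and one upgrade. Mark it as host-specific and put the "sftp -2" check first, as the test that decides whether the edit is needed at all. Running "sshd -t" before telling sshd to reread its configuration would catch a bad edit before it affects remote access. Typo in the last paragraph: "uprades" should be "upgrades".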
Line 67: | Line 70: | ||
===== Comments ===== | ===== Comments ===== | ||
- |