This shows you the differences between two versions of the page.
build:ssh [2007/08/09 12:47] 4.245.79.206 |
build:ssh [2007/10/11 15:18] 4.245.77.92 |
||
---|---|---|---|
Line 12: | Line 12: | ||
Fix it so ''root'' cannot log in: | Fix it so ''root'' cannot log in: | ||
<code rootshell> | <code rootshell> | ||
- | sed -i -e 's/^PermitRootLogin .*$/PermitRootLogin no/' /etc/ssh/sshd_config | + | sed -i -e 's/^PermitRootLogin .*$/PermitRootLogin forced-commands-only/' /etc/ssh/sshd_config |
</code> | </code> | ||
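Review bot: The unchanged lead-in "Fix it so ''root'' cannot log in" no longer matches the command in this hunk, because forced-commands-only still lets root authenticate with a public key whose authorized_keys entry carries a command= option. Reword the lead-in to say that root is restricted to key-based forced commands, and note which job needs that access. Also, the pattern ^PermitRootLogin .*$ only matches an uncommented directive, so on a config where the line is commented out the sed changes nothing and reports no error; add a grep for PermitRootLogin after it to confirm the value.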
Line 24: | Line 24: | ||
sed -i -e 's:#Banner .*$:Banner /etc/issue.net:' /etc/ssh/sshd_config | sed -i -e 's:#Banner .*$:Banner /etc/issue.net:' /etc/ssh/sshd_config | ||
</code> | </code> | ||
+ | |||
+ | Have SSH accept connections on an alternate port for situations where port 22 is blocked at the client's end, or blocked by mistake on the server's end. Edit /etc/ssh/sshd_config to add new statement "Port 443" (without the quotes) after the existing Port statement. | ||
Correct problem with "Request for subsystem 'sftp' failed on channel 0" when using SSH protocol version 2. Edit /etc/ssh/sshd_config to change value on sftp statement from "/usr/libexec/openssh/sftp-server" (which doesn't exist) to "/usr/lib/sftp-server". Also tell sshd to reread configuration using the kill command documented below. This was probably due to the upgrade to ssh a month or two ago on budlight and might not be needed on future uprades or installations. If "sftp -2" to the system works, then it is probably ok. | Correct problem with "Request for subsystem 'sftp' failed on channel 0" when using SSH protocol version 2. Edit /etc/ssh/sshd_config to change value on sftp statement from "/usr/libexec/openssh/sftp-server" (which doesn't exist) to "/usr/lib/sftp-server". Also tell sshd to reread configuration using the kill command documented below. This was probably due to the upgrade to ssh a month or two ago on budlight and might not be needed on future uprades or installations. If "sftp -2" to the system works, then it is probably ok. |
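Review bot: The added Port 443 paragraph assumes sshd_config already has an active Port statement. If the existing line is commented out, adding only "Port 443" makes sshd stop listening on 22, because any explicit Port statement replaces the default; the text should say to have both "Port 22" and "Port 443" uncommented. It should also point to the reread step that the sftp paragraph mentions, and note that 443 must not already be in use by an HTTPS server on the same host. There is no blank line between the new paragraph and the sftp paragraph that follows, so the wiki will render them as one block.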