Can anyone walk me through the steps and Linux commands to 1. Install OpenSSH on

Question

Can anyone walk me through the steps and Linux commands to

1. Install OpenSSH on your server (if you haven’t already).

2. Make sure you have at least TWO accounts on both your client and server boxes. Name the secondary account “otheraccount.” Use your own account as the primary account.

3. Use Google or your own omniscience to determine how to make the following changes to your server side configuration (there’s a specific file that needs to be modified):

a) SSH should listen on port 444

b) SSH should ONLY use SSH Protocol 2

c) SSH should allow only your user account to login, deny the "otheraccount."

d) Deny root login (that is, root cannot log in to the server)

e) Make sure that accounts with empty passwords are NOT allowed to login.

f) Enable the option that allows a banner to be displayed when logging in. Create your own unique banner that includes something interesting (see mine below). Banner MUST include the text “Fall is Fun! Almost Done!.” Add whatever else you like to the banner.

Create your own unique banner that includes something interesting (see mine below). Banner MUST include the text “Fall is Fun! Almost Done!.” Add whatever else you like to the banner. Note I'm not telling you HOW to do it, or in which file these configuration options reside. It's easy enough to find out. Once you find the file, read through it. Read through the policies above, and implement it. Restart SSH on your server using the following: sudo /etc/init.d/ssh restart Now, I want you to login to the server. When you do, create a screen capture.

Deliverables:

1. The SSH configuration file with all of the appropriate changes.

2. The screen capture.

Put these items in a directory/folder called ..5.zip, upload. You’re done.

Explanation / Answer

1.

OpenSSH, the most popular ssh server for Linux-based systems.It is used to connect the server more securely from remote systems having ssh clients. These are the following steps to install the openssh server on Ubuntu and LinuxMint systems.

Installing a OpenSSH Server

OpenSSH packages are available under default apy repositories for most of the Linux operating systems. Install it by using following commands

Configuring OpenSSH

OpenSSH main configuration file is /etc/ssh/sshd_config. After successful installing OpenSSH server on your system, you may need to make few changes to secure your server.

Restart OpenSSH

After making all necessary changes restart openssh server using the following command

$ sudo service ssh restart

2.

To add a user account, use the following syntax, and follow the prompts to give the account a password and identifiable characteristics, such as a full name, phone number, etc.

To temporarily lock or unlock a user account, use the following syntax, respectively:

3.

a)

On your local computer, you can define individual configurations for some or all of the servers you connect to. These can be stored in the ~/.ssh/config file, which is read by your SSH client each time it is called.

Create or open this file in your text editor on your local computer:

Inside, you can define individual configuration options by introducing each with a Host keyword, followed by an alias. Beneath this and indented, you can define any of the directives found in the ssh_config man page:

An example configuration would be:

You could then connect to example.com on port 4444 using the username "demo" by simply typing:

b)

Disabling Protocol 1 to use SSH protocol 2

SSH has two protocols it may either use protocol 1 and protocol 2. The older protocol 1 is less secure and should be disabled unless you know that you specifically require it. Look for the following line in the /etc/ssh/sshd_config file, uncomment it and amend as shown:

and restart the sshd service.

c)

Allowing only your user account to login Through SSH

To explicitly limit the user accounts who are able to login through SSH, you can take a few different approaches, each of which involve editing the SSH daemon config file.

On your remote server, open this file now with root or sudo privileges:

The first method of specifying the accounts that are allowed to login is using the AllowUsers directive. Search for the AllowUsers directive in the file. If one does not exist, create it anywhere. After the directive, list the user accounts that should be allowed to login through SSH:

Save and close the file. Restart the daemon to implement your changes.

d)

Denying Root Login

It is often advisable to completely disable root login through SSH after you have set up an SSH user account that has sudo privileges.

To do this, open the SSH daemon configuration file with root or sudo on your remote server.

Inside, search for a directive called PermitRootLogin. If it is commented, uncomment it. Change the value to "no":

Save and close the file. To implement your changes, restart the SSH daemon.

e)

A strong password policy is one of the most important aspects of your security posture. Many successful security breaches involve simple brute force and dictionary attacks against weak passwords. If you intend to offer any form of remote access involving your local password system, make sure you adequately address minimum password complexity requirements, maximum password lifetimes, and frequent audits of your authentication systems.

Minimum Password Length

By default, Ubuntu requires a minimum password length of 6 characters, as well as some basic entropy checks. These values are controlled in the file /etc/pam.d/common-password, which is outlined below.

If you would like to adjust the minimum length to 8 characters, change the appropriate variable to min=8. The modification is outlined below.

Related Questions

Navigate

• Browse (All)
• Browse C
• Subjects

Integrity-first tutoring: explanations and feedback only — we do not complete graded work. Learn more.