tailieunhanh - Implementing SSH Strategies for Optimizing the Secure Shell, part 3
This places less emphasis on the IP address of the SSH server, which can easily be spoofed, and more emphasis on the server's host keys, which cannot be spoofed very easily. The SSH server determines whether the client is authorized to connect to the service

Network Settings

The network section of the sshd2_config file should look like the following:

    Port 443
    ListenAddress
    RequireReverseMapping no
    ResolveClientHostName yes
    MaxBroadcastsPerSecond 0
    NoDelay yes
    KeepAlive yes

The network section of the SSH configuration GUI should look like Figure .

Figure  Network screen from the SSH server configuration tool.

Table describes the Network options available for the SSH server.

Table  Options in the Network Section (Windows)

OPTION: DESCRIPTION

Port: Sets the port number for SSH to listen on. The default port is 22; however, listening on several ports, including other nonstandard ports such as 80, 443, or 8080, may be optimal, since business travelers may not be able to make outbound connections on port 22, whereas port 80 or 443 is usually accessible. To listen on multiple ports, add the following lines:

    Port 22
    Port 80
    Port 443
    Port 8080

ListenAddress: Sets the IP address for the SSH daemon to listen on. The default, which is , will enable the SSH services on all interfaces. If there are interfaces where SSH should not be listening, such as the external interface of a firewall, remove and add the appropriate IP addresses. To listen on only select interfaces, add the following lines:

    ListenAddress
    ListenAddress

RequireReverseMapping: Enables (yes) or disables (no) the requirement that DNS lookups succeed in order to work with AllowHost and DenyHost entries. If enabled and the DNS lookup fails, the request is denied. If disabled and the DNS lookup fails, the IP address in AllowHosts and DenyHosts is checked.

ResolveClientHostname (sshd2_config file only): Enables (yes) or disables (no) the server resolving the client's IP address via DNS.

MaxBroadcastPerSecond (sshd2_config file only): Identifies the number of UDP broadcasts the server should handle per second. With the default value, which is zero, no broadcasts are handled.
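An added example, not taken from the book or from the SSH server product: a short Python audit of a Network section like the one described above, checking which interfaces and ports the daemon would listen on and what the RequireReverseMapping row implies when a DNS lookup fails. It assumes one "Keyword value" pair per line with # comments and case-insensitive keywords; the function names, the sample file and its addresses are constructed for illustration.

```python
# Added example. Assumed format: "Keyword value" per line, '#' comments.
REPEATABLE = {"port", "listenaddress"}  # options the page shows on several lines

def parse_network(text):
    """Return {keyword: [values]} for an sshd2_config-style Network section."""
    settings = {}
    for raw in text.splitlines():
        parts = raw.split("#", 1)[0].split(None, 1)
        if not parts:
            continue
        key = parts[0].lower()  # assumption: keywords are case-insensitive
        value = parts[1].strip() if len(parts) > 1 else ""
        if key in REPEATABLE:
            settings.setdefault(key, []).append(value)
        else:
            settings[key] = [value]  # assumption: last occurrence wins
    return settings

def audit(settings, external_addrs):
    """Flag listeners on interfaces where SSH should not be exposed."""
    findings = []
    addrs = settings.get("listenaddress", [])
    if not addrs:
        findings.append("no ListenAddress: default listens on all interfaces")
    for addr in addrs:
        if addr in external_addrs:
            findings.append(f"ListenAddress {addr} is an external interface")
    for port in settings.get("port", ["22"]):
        if not port.isdigit() or not 0 < int(port) < 65536:
            findings.append(f"invalid Port {port!r}")
    return findings

def host_check(require_reverse_mapping, dns_lookup_ok):
    """Outcome the table gives for RequireReverseMapping."""
    if dns_lookup_ok:
        return "check AllowHosts/DenyHosts"
    return "deny" if require_reverse_mapping else "check IP in AllowHosts/DenyHosts"

# Constructed sample (documentation and private addresses, not from the page).
SAMPLE = """\
Port 22
Port 443
ListenAddress 192.0.2.10
ListenAddress 10.0.0.5
RequireReverseMapping no
"""
if __name__ == "__main__":
    print(audit(parse_network(SAMPLE), external_addrs={"192.0.2.10"}))
```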