tailieunhanh - Implementing SSH Strategies for Optimizing the Secure Shell phần 7

i và thiết lập một mật khẩu cho cả khóa OpenSSH cũ và phím SSH2 mới được chuyển đổi. Sử dụng các lệnh sau đây để chuyển đổi các phím trên máy khách hàng: Nếu bạn đính kèm một cụm từ mật khẩu để khóa riêng, các văn bản sau đây sẽ xuất hiện | 218 Chapter 6 installation has been completed. See Chapter 1 for details on how to install an SSH server. SSH Communications provides the ability to restrict or permit port forwarding also known as tunneling on the SSH server. For example if port forwarding is not desired the tunneling settings can restrict access while still allowing terminal and or SFTP access. In addition to permitting or restricting port forwarding the ability to allow port forwarding for only a specified set of users and denying everyone else is possible. Furthermore the ability to deny port forwarding for a set number of users and allow everyone else is possible. Lastly in addition to allowing and denying specific users and or groups the SSH server can restrict port forwarding using ACLs based on IP addresses and port numbers. For example if port forwarding is not desired to all internal machines but rather to a selected few port forwarding ACLs can be set to allow only certain IP addresses on certain ports to be accessible to port forwarding SSH clients. To view the tunnel configuration options and configure these options on SSH Communications SSH server perform the following steps 1. Change directories to etc sshd2 cd etc sshd2 2. View the sshd2_config file specifically the tunneling section more sshd2_config 3. The tunneling section of the sshd2_config is as follows Tunneling AllowX11Forwarding yes AllowTcpForwarding yes AllowTcpForwardingForUsers sjl cowboyneal@slashdot .org DenyTcpForwardingForUsers 2 digit 4 peelo AllowTcpForwardingForGroups privileged_tcp_forwarders DenyTcpForwardingForGroups coming_from_outside Local port forwardings to host ports 143 and 25 are allowed for all users in group users. Note that forwardings using the name of this host will be allowed if it can be resolved from the DNS . ForwardACL allow local . users i10 .1 .0 .25 143 25 Local port forwardings requested exactly to host port 8080 are allowed for users that have s as first .