[root@server-rhel6 ~]# rpm -q openssh-server
openssh-server-5.3p1-112.el6_7.x86_64
[root@server-rhel6 ~]# yum install openssh-server
Loaded plugins: product-id, refresh-packagekit, security, subscription-manager
Setting up Install Process
Package openssh-server-5.3p1-112.el6_7.x86_64 already installed and latest version
Nothing to do
[root@server-rhel6 ~]# useradd hulk
[root@server-rhel6 ~]# passwd hulk
Changing password for user hulk.
New password:
BAD PASSWORD: it is too short
BAD PASSWORD: is too simple
Retype new password:
passwd: all authentication tokens updated successfully.
[root@server-rhel6 ~]# service sshd start
[root@server-rhel6 ~]# service sshd status
openssh-daemon (pid 2713) is running…
[root@server-rhel6 ~]# ifconfig
eth0 Link encap:Ethernet HWaddr 00:0C:29:B5:97:4A
inet addr:172.16.28.150 Bcast:172.16.28.255 Mask:255.255.255.0
inet6 addr: fe80::20c:29ff:feb5:974a/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:32665 errors:0 dropped:0 overruns:0 frame:0
TX packets:14389 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:47081444 (44.9 MiB) TX bytes:1078129 (1.0 MiB)
lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
inet6 addr: ::1/128 Scope:Host
UP LOOPBACK RUNNING MTU:65536 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:0 (0.0 b) TX bytes:0 (0.0 b)
[root@server-rhel6 ~]# iptables -I INPUT -p tcp –dport 22 -j ACCEPT
[root@server-rhel6 ~]# service iptables save
iptables: Saving firewall rules to /etc/sysconfig/iptables:[ OK ]
[root@server-rhel6 ~]# service iptables reload
iptables: Trying to reload firewall rules: [ OK ]
[root@server-rhel6 ~]# iptables -L | grep ssh
ACCEPT tcp — anywhere anywhere state NEW tcp dpt:ssh
———————————————————————————————–
[root@rhel6-client1 ~]# ssh 172.16.28.150
The authenticity of host ‘172.16.28.150 (172.16.28.150)’ can’t be established.
RSA key fingerprint is ef:4a:f0:0f:72:b9:0e:99:b2:d2:17:5a:3c:c4:5f:6f.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added ‘172.16.28.150’ (RSA) to the list of known hosts.
root@172.16.28.150’s password:
By default ssh command will enable root session. If you want to login from normal user then specify his name with -l options. or username@ipaddress.
[root@rhel6-client1 ~]# ssh 172.16.28.150 -l hulk
hulk@172.16.28.150’s password:
[root@rhel6-client1 ~]# ssh hulk@172.16.28.150
hulk@172.16.28.150’s password:
[hulk@server-rhel6 ~]$
—————————————————————————————————–
How to make user from denying through ssh
[root@server-rhel6 ~]# vim /etc/ssh/sshd_config
DenyUsers hulk
[root@server-rhel6 ~]# service sshd restart
Stopping sshd: [ OK ]
Starting sshd: [ OK ]
[root@rhel6-client1 ~]# ssh hulk@172.16.28.150
hulk@172.16.28.150’s password:
Permission denied, please try again.
hulk@172.16.28.150’s password:
[root@server-rhel6 ~]# cat /etc/ssh/sshd_config | grep PermitRootLogin
PermitRootLogin no
# the setting of “PermitRootLogin without-password”.
[root@rhel6-client1 ~]# ssh root@172.16.28.150
root@172.16.28.150’s password:
Permission denied, please try again.
root@172.16.28.150’s password:
