Banner
Örnek
$ nc 10.0.0.10 22
SSH-2.0-OpenSSH_8.6
Kurulum
On Debian-derived distributions, the command to install an SSH server is usually:
aptitude install openssh-server
On Red Hat derived distributions, the command would usually be:
yum install openssh-server
These commands must be run as root.
If the server does not start automatically, try using the service sshd start command, or just reboot the computer.
Servisi Durdurmak
Şöyle
yaparız.
systemctl disable --now ssh.socket
İlk komut socket'i kapatır. Açıklaması
şöyle.
The systemd SSH socket is active, and the SSH service is socket-activated. You need to disable the socket as well
Sonra servisi durdurmak için şöyle
yaparız.
systemctl disable ssh
Servisi Tekrar Başlatmak
Ubuntu ve Debian'da tekrar başlatmak için şöyle
yaparız.
sudo service ssh restart
Centos ve Fedora'da şöyle
yaparız..
sudo service sshd restart
sysvinit kullanan daha eski sunucularda şöyle
yaparız.
/etc/init.d/ssh restart
Şifre
ssh ile "password authentication" veya "key authentication"
yapılabilir. password authentication için açıklama
şöyle
By default SSH uses user accounts and passwords that are managed by the host OS. (Well, actually managed by PAM but that distinction probably isn't too useful here.) What this means is that when you attempt to connect to SSH with the username 'bob' and some password the SSH server program will ask the OS "I got this guy named 'bob' who's telling me his password is 'wonka'. Can I let him in?" If the answer is yes, then SSH allows you to authenticate and you go on your merry way.
authorized_keys dosyası
authorized_keys Dosyası yazısına taşıdım.
authentication log file
İşletim sistemine göre farklılık
gösterir.
CentOS'ta
/var/log/secure dosyasıdır.
Debian ve Ubuntu'da
/var/log/auth.log dosyasıdır. Bu dosyaya bakarak ssh saldırılarını görmek
mümkün.
The SSH server has a configuration file, usually /etc/sshd/sshd_config. The configuration file specifies encryption options, authentication options, file locations, logging, and various other parameters.
/usr/sbin/sshd - Asıl Process
The sshd process is started when the system boots. The program is usually located at /usr/sbin/sshd. It runs as root. The initial process acts as the master server that listens to incoming connections. Generally this process is the one with the lowest process id or the one that has been running the longest. It is also the parent process of all the other sshd processes. ...
A new process is created for each new SSH session.
Bu komutu çalıştığını anlamak için şöyle yaparız
# cat /var/run/sshd.pid
8
-d seçeneği
Debug loglarını gösterir
Örnek
Şöyle yaparız
Açıklaması
şöyle. Daemon olmamasını sağlar.
Do not detach and become daemon. This is often used when sshd is run using systemd. This allows easier monitoring of the process in such environments. Without this option, the SSH server forks and detaches from terminal, making itself a background daemon process. The latter has been the traditional way to run the SSH server until recently. Many embedded systems would still use the latter.
-e seçeneği
When this option is specified, sshd will send the output to the standard error instead of the system log.
Örnek
Şöyle yaparız