- # Package generated configuration file
- # See the sshd_config(5) manpage for details
- # What ports, IPs and protocols we listen for
- Port 22
- # Use these options to restrict which interfaces/protocols sshd will bind to
- #ListenAddress ::
- #ListenAddress 0.0.0.0
- Protocol 2
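- # HostKeys for protocol version 2
- # NOTE(review): OpenSSH DSA keys are fixed at 1024 bits and ssh-dss is disabled
- # by default since OpenSSH 7.0; keep the DSA HostKey line only if a legacy
- # client still requires it.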
- HostKey /etc/ssh/ssh_host_rsa_key
- HostKey /etc/ssh/ssh_host_dsa_key
- HostKey /etc/ssh/ssh_host_ecdsa_key
- #Privilege Separation is turned on for security
- UsePrivilegeSeparation yes
- # Lifetime and size of ephemeral version 1 server key
- # (protocol 1 only; with "Protocol 2" set above, the next two settings have no effect)
- KeyRegenerationInterval 3600
- ServerKeyBits 768
- # Logging
- SyslogFacility AUTH
- LogLevel INFO
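- # Authentication:
- # NOTE(review): "PermitRootLogin yes" below allows direct root login by every
- # enabled method, including passwords while PasswordAuthentication is left at
- # its default. "without-password" (mentioned in the UsePAM comment further
- # down) or "no" is the narrower setting.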
- LoginGraceTime 120
- PermitRootLogin yes
- StrictModes yes
- RSAAuthentication yes
- PubkeyAuthentication yes
- #AuthorizedKeysFile %h/.ssh/authorized_keys
- # Don't read the user's ~/.rhosts and ~/.shosts files
- IgnoreRhosts yes
- # For this to work you will also need host keys in /etc/ssh_known_hosts
- RhostsRSAAuthentication no
- # similar for protocol version 2
- HostbasedAuthentication no
- # Uncomment if you don't trust ~/.ssh/known_hosts for RhostsRSAAuthentication
- #IgnoreUserKnownHosts yes
- # To enable empty passwords, change to yes (NOT RECOMMENDED)
- PermitEmptyPasswords no
- # Change to yes to enable challenge-response passwords (beware issues with
- # some PAM modules and threads)
- ChallengeResponseAuthentication no
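- # Change to no to disable tunnelled clear text passwords.
- # While the line below stays commented out, the default (yes) applies and
- # password logins are accepted.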
- #PasswordAuthentication yes
- # Kerberos options
- #KerberosAuthentication no
- #KerberosGetAFSToken no
- #KerberosOrLocalPasswd yes
- #KerberosTicketCleanup yes
- # GSSAPI options
- #GSSAPIAuthentication no
- #GSSAPICleanupCredentials yes
- X11Forwarding yes
- X11DisplayOffset 10
- PrintMotd no
- PrintLastLog yes
- TCPKeepAlive yes
- #UseLogin no
- #MaxStartups 10:30:60
- #Banner /etc/issue.net
- # Allow client to pass locale environment variables
- AcceptEnv LANG LC_*
- Subsystem sftp /usr/lib/openssh/sftp-server
- # Set this to 'yes' to enable PAM authentication, account processing,
- # and session processing. If this is enabled, PAM authentication will
- # be allowed through the ChallengeResponseAuthentication and
- # PasswordAuthentication. Depending on your PAM configuration,
- # PAM authentication via ChallengeResponseAuthentication may bypass
- # the setting of "PermitRootLogin without-password".
- # If you just want the PAM account and session checks to run without
- # PAM authentication, then enable this but set PasswordAuthentication
- # and ChallengeResponseAuthentication to 'no'.
- UsePAM yes
- sudo adduser -y senthil
- sudo adduser senthil sudo
- ssh senthil@SERVER_IP
- Permission denied, please try again.
- Jul 2 09:38:07 ip-192-xx-xx-xxx sshd[3037]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=MY_CLIENT_IP user=senthil
- Jul 2 09:38:09 ip-192-xx-xx-xxx sshd[3037]: Failed password for senthil from MY_CLIENT_IP port 39116 ssh2
- ssh -v senthil@SERVER_IP
- OpenSSH_5.9p1 Debian-5ubuntu1, OpenSSL 1.0.1 14 Mar 2012
- debug1: Reading configuration data /etc/ssh/ssh_config
- debug1: /etc/ssh/ssh_config line 19: Applying options for *
- debug1: Connecting to SERVER_IP [SERVER_IP] port 22.
- debug1: Connection established.
- debug1: identity file {MY-WORKSPACE}/.ssh/id_rsa type 1
- debug1: Checking blacklist file /usr/share/ssh/blacklist.RSA-2048
- debug1: Checking blacklist file /etc/ssh/blacklist.RSA-2048
- debug1: identity file {MY-WORKSPACE}/.ssh/id_rsa-cert type -1
- debug1: identity file {MY-WORKSPACE}/.ssh/id_dsa type -1
- debug1: identity file {MY-WORKSPACE}/.ssh/id_dsa-cert type -1
- debug1: identity file {MY-WORKSPACE}/.ssh/id_ecdsa type -1
- debug1: identity file {MY-WORKSPACE}/.ssh/id_ecdsa-cert type -1
- debug1: Remote protocol version 2.0, remote software version OpenSSH_5.8p1 Debian-7ubuntu1
- debug1: match: OpenSSH_5.8p1 Debian-7ubuntu1 pat OpenSSH*
- debug1: Enabling compatibility mode for protocol 2.0
- debug1: Local version string SSH-2.0-OpenSSH_5.9p1 Debian-5ubuntu1
- debug1: SSH2_MSG_KEXINIT sent
- debug1: SSH2_MSG_KEXINIT received
- debug1: kex: server->client aes128-ctr hmac-md5 none
- debug1: kex: client->server aes128-ctr hmac-md5 none
- debug1: sending SSH2_MSG_KEX_ECDH_INIT
- debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
- debug1: Server host key: ECDSA {SERVER_HOST_KEY}
- debug1: Host 'SERVER_IP' is known and matches the ECDSA host key.
- debug1: Found key in {MY-WORKSPACE}/.ssh/known_hosts:1
- debug1: ssh_ecdsa_verify: signature correct
- debug1: SSH2_MSG_NEWKEYS sent
- debug1: expecting SSH2_MSG_NEWKEYS
- debug1: SSH2_MSG_NEWKEYS received
- debug1: Roaming not allowed by server
- debug1: SSH2_MSG_SERVICE_REQUEST sent
- debug1: SSH2_MSG_SERVICE_ACCEPT received
- debug1: Authentications that can continue: password
- debug1: Next authentication method: password
- senthil@SERVER_IP's password:
- debug1: Authentications that can continue: password
- Permission denied, please try again.
- senthil@SERVER_IP's password:
- -L, --lock
- Lock a user's password. This puts a '!' in front of the encrypted password,
- effectively disabling the password.
- ubuntu:!$6$rWDSG...HSi1:15347:0:99999:7:::
- usermod -U ubuntu
- sudo adduser username
- sudo adduser username sudo
- sudo su -l ubuntu
- PermitRootLogin yes
- AllowUsers otheruser
- AllowUsers senthil
- ssh senthil@yourhostname
- # Example of overriding settings on a per-user basis
- #Match User anoncvs
- # X11Forwarding no
- # AllowTcpForwarding no
- # ForceCommand cvs server
- Ciphers aes128-ctr,aes192-ctr,aes256-ctr
- ClientAliveInterval 432000
- ClientAliveCountMax 0
- #AllowUsers TestUser