How to enable SSH service on Fedora Linux?

How to enable SSH service on Fedora Linux? By default, it seems ssh is not enabled.

Fedora may not have the sshd service installed/enabled by default. You will need to install and configure it yourself. The following instructions are for Fedora 22 as an example.

First, install the sshd server by

# dnf install openssh-server

Then, start the sshd service and make it automatically start next time you boot by

# systemctl start sshd.service
# systemctl enable sshd.service

Last, enable external connection to the port 22 (the default one) by configuring the firewall you are using.

Note: you may not need additional configurations if 22 is already opened.

If you are using firewalld, you may use the firewall-config tool (install it by dnf install firewall-config if you don't have it).

Some further readings that you may find useful:

How to enable iptables on Fedora 20 https://www.systutorials.com/241222/how-to-enable-iptables-on-centos-7-fedora-20/

Basic iptables configuration for Linux https://www.systutorials.com/241412/basic-iptables-configuration-for-linux/

How to use iptables to limit rates new SSH incoming connections from each IP on Linux https://www.systutorials.com/241409/how-to-use-iptables-to-limit-rates-new-ssh-incoming-connections-from-each-ip-on-linux/

How to log connections hitting certain rules in iptables on Linux https://www.systutorials.com/241413/how-to-log-connections-hitting-certain-rules-in-iptables-on-linux/
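
A command-line check of the result of the three steps above, added here as an example and not part of the original answer. It classifies whether sshd on port 22 is reachable from outside, from the text output of ss -tln and firewall-cmd --list-services. The function name ssh_state and the sample outputs are constructed for illustration.

```shell
#!/bin/sh
# Added example: decide whether sshd is reachable from outside, given
#   $1 = output of `ss -tln`                      (listening TCP sockets)
#   $2 = output of `firewall-cmd --list-services` (allowed in default zone)
# Prints: no-listener | loopback-only | blocked-by-firewall | reachable
ssh_state() {
    # Column 4 of `ss -tln` is "address:port"; split it at the last colon.
    bind=$(printf '%s\n' "$1" | awk '
        NR > 1 {
            port = $4; sub(/.*:/, "", port)
            addr = $4; sub(/:[^:]*$/, "", addr)
            if (port != "22") next
            if (addr ~ /^127\./ || addr == "[::1]" || addr == "::1") lo = 1
            else ext = 1
        }
        END { if (ext) print "external"
              else if (lo) print "loopback"
              else print "none" }')
    case $bind in
        none)     echo "no-listener";   return 0 ;;  # sshd not started
        loopback) echo "loopback-only"; return 0 ;;  # bound to localhost only
    esac
    # firewalld prints the allowed services as one space-separated line.
    if printf '%s\n' "$2" | tr -s ' ' '\n' | grep -qx 'ssh'; then
        echo "reachable"
    else
        echo "blocked-by-firewall"
    fi
}

# Constructed sample: sshd listens on all addresses, firewalld lacks "ssh".
SAMPLE_SS='State  Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0      128    0.0.0.0:22         0.0.0.0:*
LISTEN 0      128    [::]:22            [::]:*
LISTEN 0      100    127.0.0.1:25       0.0.0.0:*'
SAMPLE_FW='dhcpv6-client mdns'

state=$(ssh_state "$SAMPLE_SS" "$SAMPLE_FW")
echo "sample host: $state"
if [ "$state" = "blocked-by-firewall" ]; then
    echo "fix: firewall-cmd --permanent --add-service=ssh && firewall-cmd --reload"
fi
```

On a live host, call it as ssh_state "$(ss -tln)" "$(firewall-cmd --list-services)"; a result of reachable means no further firewall change is needed.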


A simple desktop firewall:

http://www.cyberciti.biz/faq/linux-detect-port-scan-attacks/

Copy and paste from #! until the end (including exit 0) and put it in a file ending in sh (bash script). Make it executable. Don't forget to check the name of your network interface with ifconfig.

#!/bin/bash
IPT="/sbin/iptables"
 
echo "Starting IPv4 Wall..."
$IPT -F
$IPT -X
$IPT -t nat -F
$IPT -t nat -X
$IPT -t mangle -F
$IPT -t mangle -X
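# ip_conntrack was renamed nf_conntrack in current kernels
modprobe nf_conntrack

# one address per line; comment and blank lines are skipped
BADIPS=$(grep -Ev "^#|^$" /root/scripts/blocked.fw)
PUB_IF="eth0"

# unlimited traffic on loopback
$IPT -A INPUT -i lo -j ACCEPT
$IPT -A OUTPUT -o lo -j ACCEPT

# Default policy: DROP everything that is not explicitly allowed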
$IPT -P INPUT DROP
$IPT -P OUTPUT DROP
$IPT -P FORWARD DROP
 
# block all bad IPs
for ip in $BADIPS
do
    $IPT -A INPUT -s "$ip" -j DROP
    $IPT -A OUTPUT -d "$ip" -j DROP
done
 
# log, then drop, new TCP connections that do not start with a SYN
$IPT -A INPUT -i ${PUB_IF} -p tcp ! --syn -m state --state NEW  -m limit --limit 5/m --limit-burst 7 -j LOG --log-level 4 --log-prefix "Drop Syn"
$IPT -A INPUT -i ${PUB_IF} -p tcp ! --syn -m state --state NEW -j DROP
 
# Fragments
$IPT -A INPUT -i ${PUB_IF} -f  -m limit --limit 5/m --limit-burst 7 -j LOG --log-level 4 --log-prefix "Fragments Packets"
$IPT -A INPUT -i ${PUB_IF} -f -j DROP
 
 
# block bad stuff
$IPT  -A INPUT -i ${PUB_IF} -p tcp --tcp-flags ALL FIN,URG,PSH -j DROP
$IPT  -A INPUT -i ${PUB_IF} -p tcp --tcp-flags ALL ALL -j DROP
 
$IPT  -A INPUT -i ${PUB_IF} -p tcp --tcp-flags ALL NONE -m limit --limit 5/m --limit-burst 7 -j LOG --log-level 4 --log-prefix "NULL Packets"
$IPT  -A INPUT -i ${PUB_IF} -p tcp --tcp-flags ALL NONE -j DROP # NULL packets
 
$IPT  -A INPUT -i ${PUB_IF} -p tcp --tcp-flags SYN,RST SYN,RST -j DROP
 
$IPT  -A INPUT -i ${PUB_IF} -p tcp --tcp-flags SYN,FIN SYN,FIN -m limit --limit 5/m --limit-burst 7 -j LOG --log-level 4 --log-prefix "XMAS Packets"
$IPT  -A INPUT -i ${PUB_IF} -p tcp --tcp-flags SYN,FIN SYN,FIN -j DROP #XMAS
 
$IPT  -A INPUT -i ${PUB_IF} -p tcp --tcp-flags FIN,ACK FIN -m limit --limit 5/m --limit-burst 7 -j LOG --log-level 4 --log-prefix "Fin Packets Scan"
$IPT  -A INPUT -i ${PUB_IF} -p tcp --tcp-flags FIN,ACK FIN -j DROP # FIN packet scans
 
$IPT  -A INPUT -i ${PUB_IF} -p tcp --tcp-flags ALL SYN,RST,ACK,FIN,URG -j DROP
 
 
# Allow full outgoing connections but no unsolicited incoming traffic
$IPT -A INPUT -i ${PUB_IF} -m state --state ESTABLISHED,RELATED -j ACCEPT
$IPT -A OUTPUT -o ${PUB_IF} -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT
 
# allow ssh only
$IPT -A INPUT -p tcp --destination-port 22 -j ACCEPT
$IPT -A OUTPUT -p tcp --sport 22 -j ACCEPT
 
# allow incoming ICMP ping pong stuff
$IPT -A INPUT -p icmp --icmp-type 8 -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT
$IPT -A OUTPUT -p icmp --icmp-type 0 -m state --state ESTABLISHED,RELATED -j ACCEPT
 
# No smb/windows sharing packets - too much logging
$IPT -A INPUT -p tcp -i ${PUB_IF} --dport 137:139 -j REJECT
$IPT -A INPUT -p udp -i ${PUB_IF} --dport 137:139 -j REJECT
 
# Log everything else
# *** Required for psad ****
$IPT -A INPUT -j LOG
$IPT -A FORWARD -j LOG
$IPT -A INPUT -j DROP
 
# Start ipv6 firewall
# echo "Starting IPv6 Wall..."
#/root/scripts/start6.fw
 
exit 0
