forked from samuel-p/server-security-wiki
Add 'secure-ssh.md'
This commit is contained in:
parent
3c39b9a48a
commit
fb386371b2
1 changed files with 32 additions and 0 deletions
32
secure-ssh.md
Normal file
32
secure-ssh.md
Normal file
|
@ -0,0 +1,32 @@
|
|||
# Secure SSH
|
||||
|
||||
## Disable root
|
||||
|
||||
Edit `/etc/ssh/sshd_config` and set `PermitRootLogin no` or if you really need root access, e.g. for backups set `PermitRootLogin forced-commands-only`.
|
||||
|
||||
## Use Public Key Authentication
|
||||
|
||||
Create a new key pair on your client:
|
||||
|
||||
```
|
||||
ssh-keygen -b 4096
|
||||
```
|
||||
|
||||
Remember the path and password you choosed. Append the created public key from `/<your-path>/<key-name>.pub` on your client in the `/home/<user>/.ssh/authorized_keys`.
|
||||
|
||||
If you changed the path you can add the following to your `~/.ssh/config` file on your client:
|
||||
|
||||
```
|
||||
Host <your-host-or-ip>
|
||||
User <the-server-username> # optional
|
||||
IdentityFile /<your-path>/<key-name>
|
||||
```
|
||||
|
||||
Now edit `/etc/ssh/sshd_config` on your server and set the following values:
|
||||
|
||||
```
|
||||
PubkeyAuthentication yes
|
||||
AuthorizedKeysFile .ssh/authorized_keys
|
||||
|
||||
PasswordAuthentication no
|
||||
```
|
Loading…
Reference in a new issue