cami/server-security-wiki
1
0
Fork 0
forked from samuel-p/server-security-wiki
Code Issues Pull requests Projects Releases Wiki Activity
server-security-wiki/secure-ssh.md

998 B
Raw Blame History

Secure SSH

Disable root

Edit /etc/ssh/sshd_config and set PermitRootLogin no or if you really need root access, e.g. for backups set PermitRootLogin forced-commands-only.

Use Public Key Authentication

Create a new key pair on your client:

ssh-keygen -b 4096

Remember the path and password you choosed. Append the created public key from /<your-path>/<key-name>.pub on your client in the /home/<user>/.ssh/authorized_keys on your server.

Now edit /etc/ssh/sshd_config on your server and set the following values:

PubkeyAuthentication yes
AuthorizedKeysFile .ssh/authorized_keys

PasswordAuthentication no

If you changed the path you can add the following to your ~/.ssh/config file on your client:

Host <your-host-or-ip>
        User <the-server-username> # optional
        IdentityFile /<your-path>/<key-name>

Apply Changes

To apply changes you made in the ssh config simply run systemctl restart ssh.service or service ssh restart.