From fb386371b255187c221d96c21eaf54473f3e9543 Mon Sep 17 00:00:00 2001
From: Samuel Philipp <mail@sp-codes.de>
Date: Sat, 20 Feb 2021 13:07:27 +0000
Subject: [PATCH] Add 'secure-ssh.md'

---
 secure-ssh.md | 32 ++++++++++++++++++++++++++++++++
 1 file changed, 32 insertions(+)
 create mode 100644 secure-ssh.md

diff --git a/secure-ssh.md b/secure-ssh.md
new file mode 100644
index 0000000..80087e8
--- /dev/null
+++ b/secure-ssh.md
@@ -0,0 +1,32 @@
+# Secure SSH
+
+## Disable root
+
+Edit `/etc/ssh/sshd_config` and set `PermitRootLogin no` or if you really need root access, e.g. for backups set `PermitRootLogin forced-commands-only`.
+
+## Use Public Key Authentication
+
+Create a new key pair on your client:
+
+```
+ssh-keygen -b 4096
+```
+
+Remember the path and password you choosed. Append the created public key from `/<your-path>/<key-name>.pub` on your client in the `/home/<user>/.ssh/authorized_keys`.
+
+If you changed the path you can add the following to your `~/.ssh/config` file on your client:
+
+```
+Host <your-host-or-ip>
+        User <the-server-username> # optional
+        IdentityFile /<your-path>/<key-name>
+```
+
+Now edit `/etc/ssh/sshd_config` on your server and set the following values:
+
+```
+PubkeyAuthentication yes
+AuthorizedKeysFile .ssh/authorized_keys
+
+PasswordAuthentication no
+```