Secure SSH server

Posted: April 30, 2009 in archlinux, Debian, Slackware

To install the OpenSSH server:

# aptitude install openssh-server

To change the default port used (helps prevent automated brute-force attacks):

In /etc/ssh/sshd_config:

# replace xxxx with the port you want, for example 3151, 2222 or 2929
Port xxxx

To enable public key authentication:

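# RSAAuthentication is an SSH protocol 1 option; current OpenSSH releases
# treat it as deprecated and ignore it
RSAAuthentication yes
PubkeyAuthentication yes
AuthorizedKeysFile      %h/.ssh/authorized_keys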

To disable password authentication:

# Change to no to disable tunnelled clear text passwords
PasswordAuthentication no

To restrict logins to specific users at specific hosts:

AllowUsers username@host.example.com

To restart SSH (after making any of the above changes):

/etc/init.d/ssh restart
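
Before restarting, it is worth checking that the edits above are the ones sshd will actually use: for most keywords sshd takes the first value it finds (Port may repeat), so a line appended at the end of the file can be silently ignored. The script below is an added example, not part of the original post; the function names and the sample config are made up for illustration, and it assumes whitespace-separated keywords and no Include files.

```sh
#!/bin/sh
# Added example (not from the original post): audit the global section of an
# sshd_config for the settings described above.
# Usage: audit_sshd_config /etc/ssh/sshd_config   (or pipe a config on stdin)
audit_sshd_config() {
    awk '
        /^[ \t]*#/ || /^[ \t]*$/ { next }      # skip comments and blank lines
        { key = tolower($1); arg = tolower($2) }
        key == "match" { exit }                # Match blocks are conditional; stop here
        key == "port"  { ports = ports " " arg; next }   # Port may repeat; all are used
        !(key in val)  { val[key] = arg }      # other keywords: first value wins
        END {
            if (ports == "") ports = " 22"     # sshd default when Port is absent
            if ((ports " ") ~ / 22 /) print "WARN: sshd listens on default port 22"
            if (!("passwordauthentication" in val) || val["passwordauthentication"] != "no")
                print "WARN: PasswordAuthentication is not set to no"
            if (("pubkeyauthentication" in val) && val["pubkeyauthentication"] != "yes")
                print "WARN: PubkeyAuthentication is not set to yes"
            if (!("allowusers" in val)) print "WARN: no AllowUsers restriction"
        }
    ' "$@"
}

# Constructed sample: "PasswordAuthentication no" was appended, but an
# earlier "yes" line is still present, so sshd keeps accepting passwords.
sample_config() {
    cat <<'EOF'
Port 2222
PasswordAuthentication yes
PubkeyAuthentication yes
AllowUsers username@host.example.com
# appended later:
PasswordAuthentication no
EOF
}

sample_config | audit_sshd_config
```

Running sshd -t before the restart catches syntax errors in the file, but it does not flag a duplicated keyword like the one in the sample.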

SSH Client

To generate an SSH key pair for public key authentication:

mkdir -p ~/.ssh
chmod 700 ~/.ssh
ssh-keygen -q -f ~/.ssh/id_rsa -t rsa

To modify the default port setting for the client (useful if you're using a non-standard port on the server):

~/.ssh/config:

Host *
Port 2222
