From the command line, install the OpenSSH client and server with the following commands:
sudo apt-get install openssh-client
sudo apt-get install openssh-server
Make a copy of the original configuration file and protect it from being overwritten with the following commands:
sudo cp /etc/ssh/sshd_config /etc/ssh/sshd_config.original
sudo chmod a-w /etc/ssh/sshd_config.original
Rather than use a password for logging in, we are going to use keys.
Note: the default file location is fine. Also be sure to set a good passphrase. To make the key even more secure, we are going to generate it at 4096 bits rather than the default 2048:
ssh-keygen -t rsa -b 4096
To transfer the public key from the server (or host computer) to your computer (client), ssh in to the server using the password, then issue the following command:
ssh-copy-id <username>@<host>
Note: this has to be done using port 22.
Next we are going to edit /etc/ssh/sshd_config:
gksu gedit /etc/ssh/sshd_config
Note: this can also be done with leafpad, nano, vim, vi....
Since we are using keys instead of passwords, we want the following:
PasswordAuthentication no
More security can also be achieved by allowing only particular users:
AllowUsers Alice Bob Eve
Now is a good time to set the following:
PermitRootLogin no
AuthorizedKeysFile %h/.ssh/authorized_keys
Note: it is also a good idea to change the port from 22 to something else, but only after issuing the ssh-copy-id command.
Make sure the following lines are uncommented by deleting the preceding "#" sign.
Personally I also change the following settings:
LogLevel VERBOSE
Banner /etc/issue.net
Note: the Banner option lists the contents of the /etc/issue.net file when logging in.
After saving the file, restart the sshd server by issuing the following command:
sudo /etc/init.d/ssh restart
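A check worth running before the restart, added here as an example and not part of the original post: it reads the first uncommented global value of each directive set above, so a line still commented out with "#" is reported as a failure. The function names are made up for this example; it assumes the whitespace-separated "Keyword value" form shown above and does not follow Include files.

```shell
#!/bin/sh
# Added example: audit an sshd_config for the settings recommended above.
# Assumes "Keyword value" lines; Include files are not followed.

# effective_value FILE KEYWORD
# Print the first uncommented global value of KEYWORD (case-insensitive);
# sshd uses the first value it obtains for a keyword.
effective_value() {
    awk -v key="$2" '
        /^[ \t]*(#|$)/ { next }             # comments and blank lines
        tolower($1) == "match" { exit }     # Match blocks are conditional
        tolower($1) == tolower(key) {
            $1 = ""; sub(/^[ \t]+/, ""); print; exit
        }' "$1"
}

# audit_sshd_config FILE: returns 0 if all checks pass, 1 otherwise.
audit_sshd_config() {
    file=$1; rc=0
    for pair in PasswordAuthentication:no PermitRootLogin:no; do
        key=${pair%%:*}; want=${pair#*:}
        got=$(effective_value "$file" "$key")
        if [ "$(printf %s "$got" | tr 'A-Z' 'a-z')" = "$want" ]; then
            echo "OK   $key $got"
        else
            echo "FAIL $key is '${got:-unset or commented out}', want '$want'"
            rc=1
        fi
    done
    users=$(effective_value "$file" AllowUsers)
    if [ -n "$users" ]; then
        echo "OK   AllowUsers $users"
    else
        echo "FAIL AllowUsers is unset or commented out"
        rc=1
    fi
    return "$rc"
}

# Run against a file given on the command line, e.g. /etc/ssh/sshd_config.
if [ "$#" -gt 0 ]; then
    audit_sshd_config "$1"
fi
```

Keep an existing SSH session open while restarting, so a failed check or a typo in the file does not lock you out.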