SSH Security

1 minute read

Create another user

useradd -m -s /bin/bash dev

passwd # Set a strong password

# switch to dev user
su dev

# switch to root user
su root - # the "-" is good to include to initialize the shell properly. it is optional though.

Disable remote root login

sudo vim /etc/ssh/sshd_config

# find the line that says "PermitRootLogin" and set it to no. And save it.
PermitRootLogin no

# Restart ssh service to reload the config
sudo systemctl restart ssh

Securing using SSH Keys

# on the client machine

# using a newer algorithm
ssh-keygen -t ed25519

# using rsa
ssh-keygen -t rsa -b 4096

# transfer the public key to the server securely
ssh-copy-id dev@192.168.122.246

# or, if you've provided custom keypair name, you have to provide the entire path of the key file.
ssh-copy-id -i /home/john/.ssh/ubnt_server.pub dev@192.168.122.246

Disable Password Authentication

WARNING! BEFORE PROCEEDING MAKE SURE YOUR SSH KEYS BASED AUTHENTICATION IS WORKING PROPERLY. OTHERWISE DO NOT PROCEED. YOU MAY LOOSE ACCESS TO THE SERVER!

sudo vim /etc/ssh/sshd_config

# Find the line "PasswordAuthentication" and set it to "no". And save it
PasswordAuthentication no