Saturday, January 5, 2019

Securing your SSH Server

First, check if you can manage to log in with the private key. If you can then it is time to secure your SSH server.

(Login command)
# scp ~/.ssh/id_rsa.pub user@yourserver.com

# ee /etc/ssh/sshd_config

To disable the Password authentication.
#ChallengeResponseAuthentication yes
#PasswordAuthentication no
#UsePAM no

ChallengeResponseAuthentication no
PasswordAuthentication no
UsePAM no

Restart the SSH daemon and fingers crossed.
# service sshd restart

Check again, if you can manage to log in with the private key.


However, if you don’t plan to use SFTP/SCP to transfer files you should disable it. Do this by commenting out the line that starts with # Subsystem sftp.

Don't forget: Setting up your router port forwarding to 22
Funny mistake: You need to log in from outside network to log in with the public IP!
Link: How to secure your (SSH) server
Posted by at
Labels: , ,

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)