OpenSSH

Cheatsheet

  • generate ssh key
Bash
# ssh-keygen does not create missing directories, so create the per-server one first
mkdir -p ~/.ssh/[server]
ssh-keygen -t ed25519 -C "[[email protected]]" -f ~/.ssh/[server]/id_ed25519
  • create the authorized_keys
Bash
touch ~/.ssh/authorized_keys
echo "[public-key-string]" >> ~/.ssh/authorized_keys
  • set permissions/ownership on .ssh
Bash
chmod 700 -R ~/.ssh
chmod 644 ~/.ssh/authorized_keys
chown [user]:[group] ~/.ssh/authorized_keys
# ll is a shell alias that is not defined everywhere; ls -al gives the same listing
ls -alR ~/.ssh | grep 'ssh\|auth'
  • verify permissions/ownership on .ssh
Bash
ls -alR ~ | grep 'ssh\|auth'

SSH Hardening

  • disable password login in sshd_config
Bash
sudo vi /etc/ssh/sshd_config
# uncomment and change:
#   '#PasswordAuthentication yes' -> 'PasswordAuthentication no'
sudo systemctl restart ssh

[!danger] Open a new SSH session and test login with RSA keys before closing the existing connection.

  • change default ssh port in sshd_config
Bash
sudo vi /etc/ssh/sshd_config
# change the line to:
#   'port 1337'
sudo systemctl restart ssh
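
The script below is an added example, not part of the original cheatsheet: it checks whether the two sshd_config edits above actually took effect in a given file, since a directive left commented out or shadowed by an earlier line is silently ignored. The function names (effective_value, password_login_disabled, demo) and the sample configs are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original cheatsheet. Function names are hypothetical.
# Prints the value sshd would take for KEYWORD from FILE: keywords are
# case-insensitive, '#' lines are ignored, and the FIRST occurrence wins.
# Assumptions: Include files are not followed and parsing stops at the first
# Match block (global section only).
# On a live host, "sudo sshd -T" prints the full effective configuration.
effective_value() {  # usage: effective_value KEYWORD FILE [DEFAULT]
    awk -v want="$1" -v dflt="${3:-}" '
        BEGIN { want = tolower(want); found = 0 }
        /^[ \t]*#/ || /^[ \t]*$/ { next }        # skip comments and blank lines
        {
            line = $0
            sub(/^[ \t]+/, "", line)
            n = split(line, f, /[ \t=]+/)        # "Keyword value" or "Keyword=value"
            key = tolower(f[1])
            if (key == "match") exit             # conditional blocks are not evaluated
            if (key == want && n >= 2) { print f[2]; found = 1; exit }
        }
        END { if (!found) print dflt }
    ' "$2"
}

# Succeeds only when password login is switched off (sshd's default is "yes").
password_login_disabled() {
    [ "$(effective_value PasswordAuthentication "$1" yes)" = "no" ]
}

demo() {
    d=$(mktemp -d)
    # Constructed sample: directive left commented out, so the default applies
    printf '%s\n' '#PasswordAuthentication yes' 'Port 1337' > "$d/commented"
    # Constructed sample: an earlier "yes" shadows the later "no"
    printf '%s\n' 'PasswordAuthentication yes' 'passwordauthentication no' > "$d/shadowed"
    # Constructed sample: both changes from the cheatsheet applied
    printf '%s\n' 'port 1337' 'PasswordAuthentication no' > "$d/hardened"
    for f in commented shadowed hardened; do
        if password_login_disabled "$d/$f"; then s=disabled; else s=ENABLED; fi
        printf '%-10s password login %s, port %s\n' "$f" "$s" \
            "$(effective_value Port "$d/$f" 22)"
    done
    rm -rf "$d"
}
demo
```

Run it against a copy of /etc/ssh/sshd_config before restarting the service; files pulled in through Include directives need the same check.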

References

  • 3os Project: technical documentation/guides for DevOps engineers/sysadmins

Last update: 2023-03-10