devoalda
/
devoalda.gitlab.io
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
devoalda.gitlab.io/content/en/posts/ssh.md

2.6 KiB
Raw Blame History

author authorEmoji title description date draft hideToc enableToc enableTocContent tocPosition tocLevels image tags series categories
Devoalda 🐺 SSH SSH and SSHD Configurations 2020-07-05T18:15:01+08:00 false false true true inner
h1
h2
h3
images/postImages/SSH.png
linux
arch
program
ssh
Linux Programs
linux
program

Introduction

SSH is an important tool as a system administrator. It allows for remote connection to your machine through a client, and the ability to control your machine from wherever you are.

However, malicious attackers are able to do a brute force attack on your machine via SSH. Therefore, this tutorial will not only setup your ssh server, it will strengthen the server to help against unwanted brute force attacks.

This tutorial will setup SSH on your machine on port 2222, instead of the default port 22; Disables remote root login, and also password authentication. You will be able to connect to your machine via ssh keypairs for added security, instead of entering your password.

You will need 2 machines to use keypair authentication

Installation

Install openssh and ufw with your package manager on both your local and remote machines

yay -S openssh ufw

Start and enable ssh service

sudo systemctl start sshd 
sudo systemctl enable sshd

Key generation

Use Command

ssh-keygen -t rsa

ssh-copy-id -i ~/.ssh/id_rsa.pub <Username>@<Remote IP Address>

Follow the prompt to generate a key, copy key to remote machines

REST of the configurations below are done in the remote machine

SSH Configurations

On the remote machine, edit sshd_config file

sudo vim /etc/ssh/sshd_config

Add the following configurations

Port 2222
PermitRootLogin no
AllowUsers <username>
PasswordAuthentication no

Restart sshd service

sudo systemctl restart sshd

Note sshd_config file location may vary with different distros

Config explanation and notes

  • Port - Specify Port number to your liking
  • PermitRootLogin - Self Explanatory
  • Allow Users - Self Explanatory
  • Password Authentication - Disable Password authentication to use key
    • Remember to ssh-copy-id to machine before adding this

Enable ufw firewall service to start on boot

sudo systemctl start ufw
sudo systemctl enable ufw

Firewall

Allow ssh port on the firewall, I am using non-default ports for ssh

sudo ufw limit 2222/tcp comment 'SSH Port 2222 limit'

Connection

On your machine, connect to the remote machine with:

ssh -p 2222 <username>@<Remote IP Address>