How to secure your SSH server

To install the OpenSSH server:

# aptitude install openssh-server

To change the default port used (helps prevent automated brute force attacks):

/etc/ssh/sshd_config:

Port 2222

To enable public key authentication:

# RSAAuthentication applies to SSH protocol 1 only and is deprecated in current OpenSSH releases
RSAAuthentication yes
PubkeyAuthentication yes
AuthorizedKeysFile      %h/.ssh/authorized_keys

To disable password authentication:

# Change to no to disable tunnelled clear text passwords
PasswordAuthentication no

To restrict logins to specific users at specific hosts:

AllowUsers username@host.example.com

To restart SSH (after making any of the above changes):

/etc/init.d/ssh restart
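
The settings above can be checked in the file before sshd is restarted. The script below is an added example, not part of the original HOWTO; the function names (sshd_values, audit_sshd_config) are made up for it, and it reads only the global section of one file (Include files and Match blocks are not evaluated).

```shell
#!/bin/sh
# Added example: audit an sshd_config for the four settings in this HOWTO.
# sshd matches keywords case-insensitively and keeps the first value it reads,
# except for cumulative keywords such as Port and AllowUsers.

# sshd_values FILE KEYWORD: print each global value of KEYWORD, one per line.
# Assumes whitespace between keyword and value; Include files are not followed.
sshd_values() {
    awk -v key="$2" '
        BEGIN { key = tolower(key) }
        /^[ \t]*#/ || NF == 0 { next }
        tolower($1) == "match" { exit }   # Match blocks are not evaluated
        tolower($1) == key { $1 = ""; sub(/^[ \t]+/, ""); sub(/[ \t\r]+$/, ""); print }
    ' "$1"
}

report() {  # report PASS|FAIL MESSAGE; a FAIL increments $fails
    if [ "$1" = FAIL ]; then fails=$((fails + 1)); fi
    echo "$1: $2"
}

# audit_sshd_config FILE: print one line per check, return the failure count.
audit_sshd_config() {
    fails=0
    ports=$(sshd_values "$1" Port)
    pubkey=$(sshd_values "$1" PubkeyAuthentication | head -n 1)
    passwd=$(sshd_values "$1" PasswordAuthentication | head -n 1)
    users=$(sshd_values "$1" AllowUsers)
    if [ -z "$ports" ] || echo "$ports" | grep -qx 22; then
        report FAIL "sshd still listens on port 22"
    else report PASS "Port: $(echo "$ports" | paste -sd ' ' -)"; fi
    case ${pubkey:-yes} in   # PubkeyAuthentication defaults to yes when unset
        yes) report PASS "public key authentication enabled" ;;
        *) report FAIL "PubkeyAuthentication is '$pubkey'" ;; esac
    case $passwd in          # PasswordAuthentication defaults to yes when unset
        no) report PASS "password authentication disabled" ;;
        *) report FAIL "PasswordAuthentication is '${passwd:-unset}'" ;; esac
    if [ -n "$users" ]; then report PASS "AllowUsers: $(echo "$users" | paste -sd ' ' -)"
    else report FAIL "no AllowUsers restriction"; fi
    return "$fails"
}

# With no argument, audit a constructed sample in which the early "yes" wins.
cfg=${1:-$(mktemp)}
[ "$#" -gt 0 ] || printf '%s\n' 'Port 2222' 'PasswordAuthentication yes' \
    'PasswordAuthentication no' 'AllowUsers username@host.example.com' > "$cfg"
audit_sshd_config "$cfg" || echo "$? check(s) failed"
[ "$#" -gt 0 ] || rm -f "$cfg"
```

Where it is available, sshd -T prints the effective configuration with defaults and Include files resolved, and is the authoritative check.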

SSH Client HOWTO

To generate an SSH key pair for public key authentication:

mkdir -p ~/.ssh
chmod 700 ~/.ssh
ssh-keygen -q -f ~/.ssh/id_rsa -t rsa

To modify the default port setting for the client (useful if you're using a non-standard port on the server):

~/.ssh/config:

Host *
Port 2222


Article from Andy's Debian HOWTOs (http://www.besy.co.uk/debian/debian)

 
debian/how_to_secure_ssh_with_public_key_authentication.txt · Last modified: 2008/08/01 23:56 (external edit)