Is production: true
#migrated

Title: Secure ssh configuration

Created: 19 Mar 2023 Modified: 19 Mar 2023

Description:




Instructions

From the reference link there are ten of them, but from my personal viewpoint I thought the settings below are the most important.

Edit the configuration file /etc/ssh/sshd_config:

vim /etc/ssh/sshd_config

Disable empty passwords

PermitEmptyPasswords no

Disable root login

PermitRootLogin no

Limit SSH logins to specific users (see How to add user in CentOS)

AllowUsers {user1} {user2}

Only use SSH protocol 2

Protocol 2

Change the port

Port {other port than 22}

Use key file

Refer to Use public/private key for authentication

Enable two factor authentication

Refer to How to add google authenticator to ssh [centos]


After the configuration is set, the sshd service needs to be restarted.

/etc/init.d/sshd restart
# or service sshd restart
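As an added example (not part of the original note), the POSIX shell script below audits an sshd_config for the settings listed above. It models two sshd rules a quick grep misses: sshd keeps the first value it reads for a keyword, so an earlier "PermitRootLogin yes" silently overrides a later "no", and anything after a "Match" line is conditional. The sample config it writes is constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original note: audit sshd_config for the
# hardening settings above. sshd uses the FIRST value of each keyword and
# settings after a "Match" line are conditional, so the audit stops there.

# Print the effective (global, first-match, case-insensitive) value of a keyword.
sshd_effective() {  # $1 = config file, $2 = keyword
    awk -v key="$(printf '%s' "$2" | tr 'A-Z' 'a-z')" '
        /^[ \t]*#/ || /^[ \t]*$/ { next }      # skip comments and blank lines
        tolower($1) == "match" { exit }         # end of the global section
        tolower($1) == key { $1 = ""; sub(/^ +/, ""); print; exit }
    ' "$1"
}

# Report one check and count failures in AUDIT_FAILURES.
_report() {  # $1 = keyword, $2 = actual value, $3 = 0 if ok, $4 = expectation
    [ "$3" -eq 0 ] && { echo "OK   $1 = $2"; return 0; }
    echo "FAIL $1 = '${2:-<unset>}' (expected $4)"; AUDIT_FAILURES=$((AUDIT_FAILURES + 1))
}

# Exit status = number of failed checks (0 = every hardening setting in place).
audit_sshd_config() {  # $1 = config file
    AUDIT_FAILURES=0
    for pair in PermitEmptyPasswords:no PermitRootLogin:no Protocol:2; do
        key=${pair%%:*}; want=${pair#*:}
        got=$(sshd_effective "$1" "$key")
        ok=0; [ "$got" = "$want" ] || ok=1
        _report "$key" "$got" "$ok" "$want"
    done
    got=$(sshd_effective "$1" Port)           # unset means the default, 22
    ok=0; [ -n "$got" ] && [ "$got" != 22 ] || ok=1
    _report Port "$got" "$ok" "a port other than 22"
    got=$(sshd_effective "$1" AllowUsers)
    ok=0; [ -n "$got" ] || ok=1
    _report AllowUsers "$got" "$ok" "an explicit user list"
    return "$AUDIT_FAILURES"
}

# Constructed sample config: the later "PermitRootLogin no" never takes effect.
write_sample_config() {  # $1 = destination path
    cat > "$1" <<'EOF'
# constructed sample, not a real host's file
permitrootlogin yes
Port 2222
AllowUsers alice bob
PermitRootLogin no
PermitEmptyPasswords no
Protocol 2
EOF
}
```

Run `audit_sshd_config /etc/ssh/sshd_config` after sourcing the script; on a live host, `sshd -T` prints the effective configuration and is the authoritative check.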

Update host keys

Reference links: Test SSH1, Test SSH2, Gen new host key

# Generate new RSA and ed25519 host keys next to the existing ones
ssh-keygen -b 8192 -f /etc/ssh/ssh_host_rsa_key_regen -N '' -t rsa
ssh-keygen -f /etc/ssh/ssh_host_ed25519_key_regen -N '' -t ed25519

# ecdsa may be NSA backdoored
# Do not use
#ssh-keygen -f /etc/ssh/ssh_host_ecdsa_key -N '' -t ecdsa -b 521

Update /etc/ssh/sshd_config

HostKey /etc/ssh/ssh_host_rsa_key_regen
#HostKey /etc/ssh/ssh_host_ecdsa_key
HostKey /etc/ssh/ssh_host_ed25519_key_regen

# Comment out the old keys below
#HostKey /etc/ssh/ssh_host_rsa_key
#HostKey /etc/ssh/ssh_host_ecdsa_key
#HostKey /etc/ssh/ssh_host_ed25519_key

Update opensshserver.config

vim /etc/crypto-policies/back-ends/opensshserver.config