1.2 KiB
Secure SSH
Disable root
Edit /etc/ssh/sshd_config
and set PermitRootLogin no
or if you really need root access, e.g. for backups set PermitRootLogin forced-commands-only
.
Use Public Key Authentication
Create a new key pair on your client:
ssh-keygen -t ed25519 -a 100
Remember the path and password you choosed. Append the created public key from /<your-path>/<key-name>.pub
on your client in the /home/<user>/.ssh/authorized_keys
on your server. Alternatively you can use the command ssh-copy-id
on your local client. For this command you can do the following:
ssh-copy-id -i /<your-path>/<key-name>.pub user@host
Now edit /etc/ssh/sshd_config
on your server and set the following values:
PubkeyAuthentication yes
AuthorizedKeysFile .ssh/authorized_keys
PasswordAuthentication no
If you changed the path you can add the following to your ~/.ssh/config
file on your client:
Host <your-host-or-ip>
User <the-server-username> # optional
IdentityFile /<your-path>/<key-name>
IdentitiesOnly yes # useful if you have problems when trying to login
Apply Changes
To apply changes you made in the ssh config simply run systemctl restart ssh.service
or service ssh restart
.