OpenSSH Configuration and Setup, basic procedure to setup and secure an SSH Server on Linux.<\/p>\n\n\n\n\n\n\n\n
# 1. Installing OpenSSH (client and server)
# Ubuntu
sudo apt update && sudo apt install openssh-server openssh-client
# CentOS
sudo dnf install openssh-server openssh-clients
# connecting to the server
ssh -p 22 username@server_ip # => Ex: ssh -p 2267 john@192.168.0.100
ssh -p 22 -l username server_ip
ssh -v -p 22 username@server_ip # => verbose
# 2. Controlling the SSHd daemon
# checking its status
sudo systemctl status ssh # => Ubuntu
sudo systemctl status sshd # => CentOS
# stopping the daemon
sudo systemctl stop ssh # => Ubuntu
sudo systemctl stop sshd # => CentOS
# restarting the daemon
sudo systemctl restart ssh # => Ubuntu
sudo systemctl restart sshd # => CentOS
# enabling at boot time
sudo systemctl enable ssh # => Ubuntu
sudo systemctl enable sshd # => CentOS
sudo systemctl is-enabled ssh # => Ubuntu
sudo systemctl is-enabled sshd # => CentOS
# 3. Securing the SSHd daemon
# change the configuration file (\/etc\/ssh\/sshd_config) and then restart the server
man sshd_config
a) Change the port
Port 2278
b) Disable direct root login
PermitRootLogin no
c) Limit Users\u2019 SSH access
AllowUsers stud u1 u2 john
d) Filter SSH access at the firewall level (iptables)
e) Activate Public Key Authentication and Disable Password Authentication
f) Use only SSH Protocol version 2
g) Other configurations:
ClientAliveInterval 300
ClientAliveCountMax 0
MaxAuthTries 2
MaxStartUps 3
LoginGraceTime 20
** Commands – Locking User Accounts
# locking password authentication
sudo passwd -l USERNAME
sudo password –lock USERNAME
# checking the account status
sudo passwd –status USERNAME
sudo chage -l USERNAME
# unlocking password authentication
sudo passwd -u USERNAME
# disable an account completely
sudo usermod –expiredate 1 tux
sudo usermod –expiredate 1970-01-02 tux
# checking the account expiration date
sudo chage -l tux
<\/p>\n","protected":false},"excerpt":{"rendered":"
OpenSSH Configuration and Setup, basic procedure to setup and secure an SSH Server on Linux.<\/p>\n","protected":false},"author":1,"featured_media":12,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[3],"tags":[],"class_list":["post-27","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-linux"],"_links":{"self":[{"href":"https:\/\/www.7softinteractive.net\/index.php?rest_route=\/wp\/v2\/posts\/27","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.7softinteractive.net\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.7softinteractive.net\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.7softinteractive.net\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.7softinteractive.net\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=27"}],"version-history":[{"count":11,"href":"https:\/\/www.7softinteractive.net\/index.php?rest_route=\/wp\/v2\/posts\/27\/revisions"}],"predecessor-version":[{"id":127,"href":"https:\/\/www.7softinteractive.net\/index.php?rest_route=\/wp\/v2\/posts\/27\/revisions\/127"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.7softinteractive.net\/index.php?rest_route=\/wp\/v2\/media\/12"}],"wp:attachment":[{"href":"https:\/\/www.7softinteractive.net\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=27"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.7softinteractive.net\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=27"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.7softinteractive.net\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=27"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}