Updated on: 4.Feb.2021
- Run a test against your sshd to check its health (which settings are still at weak or default values).
- Disable root login over SSH and avoid using any other common account name such as "pi", "user", "guest", etc.; brute-force tools try these names first.
- Use a long, complex password.
- Change the SSH port away from the default 22.
- Use an SSH key.
- On Windows, use the PuTTYGen program (installed together with PuTTY) to generate the SSH key pair. It produces the two files below (the file names are for illustration only; the extensions are what matters).
my-local-linux.ppk
- This file is generated with PuTTYGen's "Save private key" button.
- Best is to set a "key passphrase" to encrypt the file. This passphrase is then required each time you access the remote server with the key.
my-local-linux.pub
- This is the public key; its contents are what gets copied to the remote server. Note that PuTTYGen's "Save public key" writes the key in RFC 4716 format (with a "---- BEGIN SSH2 PUBLIC KEY ----" header and wrapped base64), which sshd does not accept in authorized_keys. Copy the single-line key shown in PuTTYGen's "Public key for pasting into OpenSSH authorized_keys file" box instead, or convert the saved file with ssh-keygen -i.
- Copy the SSH public key (the one-line OpenSSH format described above) to the remote server, logged in as the user who will use the key,
cd ~
mkdir -p .ssh
chmod 700 .ssh
nano .ssh/authorized_keys
(paste the public key and save the file)
# sshd (StrictModes, the default) ignores the file if it or .ssh is writable by other users,
# so make sure both are owned by your user ID and not readable or writable by anyone else.
chown -R yourID:yourID .ssh
chmod 600 .ssh/authorized_keys
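The key-installation steps above, as an added shell example that is not part of the original post: it converts a public key saved by PuTTYGen (RFC 4716 format) or pasted from PuTTYGen's OpenSSH box into one authorized_keys line, and installs it with the ownership and permissions sshd requires. The sample key, the file name my-local-linux.pub and the helper names are assumptions made here; it assumes POSIX sh with awk, GNU base64 (-d), od, head and tail, and does not handle RFC 4716 header continuation lines.

```shell
#!/bin/sh
# Added example, not code from the original post: install a public key that
# PuTTYGen exported into ~/.ssh/authorized_keys with the ownership and
# permissions sshd expects. PuTTYGen's "Save public key" writes RFC 4716
# format (BEGIN SSH2 PUBLIC KEY header, wrapped base64), which sshd does not
# accept in authorized_keys, so the key is converted to the one-line OpenSSH
# format first. Assumptions: POSIX sh plus awk, base64 -d, od, head and tail;
# header continuation lines (trailing backslash) are not handled.

# Constructed sample in the format PuTTYGen writes. Not a real key: the blob
# is a valid ssh-rsa prefix (type string, e=65537) followed by filler bytes.
SAMPLE_RFC4716='---- BEGIN SSH2 PUBLIC KEY ----
Comment: "rsa-key-20210204"
AAAAB3NzaC1yc2EAAAADAQAB
AAAAgQDUESTKEYDATAabcdef
---- END SSH2 PUBLIC KEY ----'

# Convert an RFC 4716 public key on stdin to one OpenSSH authorized_keys line.
rfc4716_to_openssh() {
    # Collect the base64 body and the Comment header; drop Windows CRs.
    parsed=$(tr -d '\r' | awk '
        /^---- BEGIN SSH2 PUBLIC KEY ----$/ { body = 1; next }
        /^---- END SSH2 PUBLIC KEY ----$/   { body = 0; next }
        /^Comment:/ { sub(/^Comment: */, ""); gsub(/"/, ""); comment = $0; next }
        /^[A-Za-z0-9-]+:/ { next }             # other headers are ignored
        body { b64 = b64 $0 }
        END { print b64; print comment }')
    b64=$(printf '%s\n' "$parsed" | sed -n 1p)
    comment=$(printf '%s\n' "$parsed" | sed -n 2p)
    # The decoded blob starts with a 4-byte big-endian length and the key type
    # string ("ssh-rsa", "ssh-ed25519", ...); that string must lead the line.
    len=$(printf '%s' "$b64" | base64 -d | head -c 4 | od -An -tu1 |
          awk '{ print $1 * 16777216 + $2 * 65536 + $3 * 256 + $4 }')
    type=$(printf '%s' "$b64" | base64 -d | tail -c +5 | head -c "$len")
    printf '%s %s%s\n' "$type" "$b64" "${comment:+ $comment}"
}

# Accept either format on stdin: RFC 4716, or the one-line OpenSSH text shown
# in PuTTYGen's "Public key for pasting into OpenSSH authorized_keys file" box.
to_openssh_format() {
    data=$(tr -d '\r')
    case "$data" in
        "---- BEGIN SSH2 PUBLIC KEY ----"*) printf '%s\n' "$data" | rfc4716_to_openssh ;;
        *) printf '%s\n' "$data" ;;
    esac
}

# Append one OpenSSH key line to $HOME/.ssh/authorized_keys. sshd (StrictModes
# yes, the default) ignores the file if it or ~/.ssh is writable by others, so
# the directory is 700 and the file 600, both owned by the invoking user.
install_authorized_key() {
    keyline=$1
    dir="$HOME/.ssh"
    file="$dir/authorized_keys"
    mkdir -p "$dir" && chmod 700 "$dir"
    touch "$file" && chmod 600 "$file"
    # Match on type and blob only, so a changed comment does not add a duplicate.
    blob=$(printf '%s\n' "$keyline" | awk '{ print $1, $2 }')
    if ! awk -v want="$blob" '($1 " " $2) == want { found = 1 }
                              END { exit !found }' "$file"; then
        printf '%s\n' "$keyline" >> "$file"
    fi
}

# Report whether ~/.ssh and authorized_keys have the permissions sshd requires.
authorized_keys_perms_ok() {
    [ "$(ls -ld "$HOME/.ssh" | cut -c1-10)" = "drwx------" ] &&
    [ "$(ls -l "$HOME/.ssh/authorized_keys" | cut -c1-10)" = "-rw-------" ]
}

# Usage: sh install_key.sh my-local-linux.pub   (run as the login user, no sudo)
if [ $# -gt 0 ]; then
    key=$(to_openssh_format < "$1")
    install_authorized_key "$key"
    printf 'installed: %s\n' "$key"
fi
```

Running it as the login user, without sudo, is deliberate: the original steps used sudo, which leaves .ssh and authorized_keys owned by root until the chown, and sshd will silently ignore a key file that the wrong user owns or that others can write.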
- Edit the sshd_config file
- In the config file, change the following settings.
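The sshd_config step above and the "run a test against your sshd" tip at the top, as one added shell example that is not part of the original post: a hardened configuration fragment applying the tips on this page (non-default port, no root login, no password authentication, key authentication), plus an audit function that reports which of those settings a given sshd_config still leaves weak. The port 2222, the user name yourID, the weak sample config and the function names are assumptions made here; the audit assumes OpenSSH 7.0 or later defaults, whitespace-separated "keyword value" lines, and only checks the global section before the first Match block.

```shell
#!/bin/sh
# Added example, not code from the original post: a hardened sshd_config
# fragment that applies the tips above (no root login, no passwords, key auth,
# non-default port), and an audit function that reports which of those
# settings a given sshd_config still leaves weak. Assumptions: OpenSSH 7.0 or
# later keyword names and defaults; 2222 and "yourID" are placeholders; only
# the global section is audited (everything after the first Match block is
# skipped, since those lines apply to a subset of connections).

# Hardened settings. Put them in /etc/ssh/sshd_config (or a file under
# /etc/ssh/sshd_config.d/ on OpenSSH 8.2+), then run "sshd -t" before restarting.
HARDENED_SSHD_CONF='Port 2222
PermitRootLogin no
PasswordAuthentication no
PubkeyAuthentication yes
MaxAuthTries 3
AllowUsers yourID'

# Constructed weak config: stock defaults plus root login. The second
# PermitRootLogin line is ignored by sshd because the first occurrence wins.
WEAK_SSHD_CONF='#Port 22
PermitRootLogin yes
PasswordAuthentication yes
PermitRootLogin no'

# Print the effective value of a keyword, using the first-match rule sshd
# applies: the first uncommented occurrence wins and later ones are ignored.
sshd_effective() {   # $1 = config file, $2 = keyword (case-insensitive)
    awk -v kw="$2" '
        tolower($1) == "match" { exit }
        tolower($1) == tolower(kw) && !seen { print $2; seen = 1 }' "$1"
}

# Audit one sshd_config: print a line per weak setting, return 0 if none.
audit_sshd_config() {
    f=$1
    weak=0
    port=$(sshd_effective "$f" Port)
    root=$(sshd_effective "$f" PermitRootLogin)
    pw=$(sshd_effective "$f" PasswordAuthentication)
    pk=$(sshd_effective "$f" PubkeyAuthentication)
    # The compiled-in sshd defaults apply when a keyword is absent.
    [ -n "$port" ] || port=22
    [ -n "$root" ] || root=prohibit-password
    [ -n "$pw" ]   || pw=yes
    [ -n "$pk" ]   || pk=yes
    [ "$port" != 22 ] || { echo "Port is 22 (the default every scanner tries first)"; weak=1; }
    [ "$root" = no ]  || { echo "PermitRootLogin is $root (want no)"; weak=1; }
    [ "$pw" = no ]    || { echo "PasswordAuthentication is $pw (want no)"; weak=1; }
    [ "$pk" = yes ]   || { echo "PubkeyAuthentication is $pk (want yes)"; weak=1; }
    return $weak
}

# Usage: sh audit_sshd.sh /etc/ssh/sshd_config
if [ $# -gt 0 ]; then
    if audit_sshd_config "$1"; then echo "$1: no weak settings found"; fi
fi
```

Set PasswordAuthentication no only after the key login has been verified from a second session, otherwise a typo in authorized_keys locks you out; and if you later follow the MFA tutorial in the references, keep the key requirement and add the second factor on top rather than re-enabling passwords.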
4.Feb.2021 - I have experimented with changing the SSH port to another number. As a result, I no longer see attack attempts on SSH. But you still need fail2ban to defend against the attacks (just in case someone finds the port you have configured), and an SSH key is a must, since it makes the login much harder to break.
References
https://www.digitalocean.com/community/tutorials/how-to-harden-openssh-on-ubuntu-18-04
Using SSH key instead of password
https://www.digitalocean.com/community/tutorials/how-to-set-up-ssh-keys-on-ubuntu-1804
https://devops.ionos.com/tutorials/use-ssh-keys-with-putty-on-windows/#use-existing-public-and-private-keys
To set up 2-step verification in SSH
https://www.digitalocean.com/community/tutorials/how-to-set-up-multi-factor-authentication-for-ssh-on-ubuntu-20-04