====== OpenSSH ======

===== Harden SSH Access ======

<file bash harden_ssh.sh>
#!/bin/bash

cp /etc/ssh/sshd_config /etc/ssh/sshd_config.orig

grep "PasswordAuthentication" /etc/ssh/sshd_config
grep "PasswordAuthentication yes" /etc/ssh/sshd_config | sed -i 's/PasswordAuthentication yes/PasswordAuthentication no/g' /etc/ssh/sshd_config

grep "PermitRootLogin" /etc/ssh/sshd_config
grep "PermitRootLogin yes" /etc/ssh/sshd_config | sed -i 's/PermitRootLogin yes/PermitRootLogin no/g' /etc/ssh/sshd_config

grep "PermitEmptyPasswords" /etc/ssh/sshd_config
grep "PermitEmptyPasswords no" /etc/ssh/sshd_config | sed -i 's/PermitEmptyPasswords no/PermitEmptyPasswords no/g' /etc/ssh/sshd_config

grep "KerberosAuthentication" /etc/ssh/sshd_config
grep "KerberosAuthentication no" /etc/ssh/sshd_config | sed -i 's/KerberosAuthentication no/KerberosAuthentication no/g' /etc/ssh/sshd_config

grep "GSSAPIAuthentication" /etc/ssh/sshd_config
grep "GSSAPIAuthentication no" /etc/ssh/sshd_config | sed -i 's/GSSAPIAuthentication no/GSSAPIAuthentication no/g' /etc/ssh/sshd_config

grep "X11Forwarding" /etc/ssh/sshd_config
grep "X11Forwarding yes" /etc/ssh/sshd_config | sed -i 's/X11Forwarding yes/X11Forwarding no/g' /etc/ssh/sshd_config

systemctl restart sshd.service
</file>


===== Regenerate Host Keys =====

1. Regeneate Host Keys
<code>
sudo rm -v /etc/ssh/ssh_host_*          # delete old host keys
sudo dpkg-reconfigure openssh-server    # create new set of keys
sudo systemctl restart ssh              # restart service
</code>

2. Delete old Public Keys from clients known_hosts files