OpenSSH

Permissions

^ File/Folder             ^ Numeric  ^ Symbolic (ls -l) ^
| ~/.ssh                  | 700      | drwx------ |
| ~/.ssh/id_rsa.pub       | 644      | -rw-r--r-- |
| ~/.ssh/id_rsa           | 600      | -rw------- |
| ~/.ssh/authorized_keys  | 600      | -rw------- |
| ~/.ssh/config           | 600      | -rw------- |

Harden SSH Access

harden_ssh.sh
#!/bin/bash
# Harden sshd: back up the config, force each directive to the wanted value
# (replacing an existing commented or uncommented line, appending if absent),
# validate the result and only then restart the daemon.
set -euo pipefail

CONF=/etc/ssh/sshd_config
cp "$CONF" "${CONF}.orig"

set_directive() {
    local key="$1" value="$2"
    if grep -Eq "^[#[:space:]]*${key}[[:space:]]" "$CONF"; then
        # sed -i edits the file in place; it ignores stdin, so piping grep into it does nothing
        sed -i -E "s/^[#[:space:]]*${key}[[:space:]].*/${key} ${value}/" "$CONF"
    else
        echo "${key} ${value}" >> "$CONF"
    fi
    grep -E "^${key}[[:space:]]" "$CONF"    # show the resulting line
}

set_directive PasswordAuthentication no
set_directive PermitRootLogin no
set_directive PermitEmptyPasswords no
set_directive KerberosAuthentication no
set_directive GSSAPIAuthentication no
set_directive X11Forwarding no

sshd -t                                     # syntax check: abort before restarting on a broken config
systemctl restart sshd.service

Regenerate Host Keys

1. Regenerate Host Keys

sudo rm -v /etc/ssh/ssh_host_*          # delete old host keys
sudo dpkg-reconfigure openssh-server    # create new set of keys (Debian/Ubuntu)
sudo systemctl restart sshd             # restart service

2. Delete the old public keys from the clients' known_hosts files
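Step 2 is what `ssh-keygen -R hostname` does on each client. As an added illustration that is not part of this page, the following Python reimplements that pruning for a known_hosts file, including the hashed hostname form OpenSSH writes when HashKnownHosts is enabled; SAMPLE is constructed data, and marker lines (@cert-authority, @revoked) are assumed not to be present.

```python
import base64
import hashlib
import hmac

# known_hosts line layout (marker lines such as @revoked are not handled, an assumption):
#   <hostnames>  <keytype> <base64 key> [comment]
# with HashKnownHosts yes the hostname field becomes
#   |1|<base64 salt>|<base64 HMAC-SHA1(salt, hostname)>
HASH_MAGIC = "|1|"

# constructed sample: one entry with two names, one unrelated host
SAMPLE = (
    "# constructed sample known_hosts\n"
    "old-server,10.0.0.5 ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOLD\n"
    "other-host ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOTHER\n"
)

def hash_host(hostname: str, salt: bytes) -> str:
    """Return the hashed hostname field OpenSSH writes for HashKnownHosts."""
    digest = hmac.new(salt, hostname.encode(), hashlib.sha1).digest()
    return HASH_MAGIC + base64.b64encode(salt).decode() + "|" + base64.b64encode(digest).decode()

def hashed_field_matches(field: str, hostname: str) -> bool:
    """True if a hashed hostname field was produced for hostname (recompute with its salt)."""
    try:
        _, _, salt_b64, _ = field.split("|", 3)
        return hmac.compare_digest(hash_host(hostname, base64.b64decode(salt_b64)), field)
    except ValueError:
        return False

def remove_host(known_hosts: str, hostname: str) -> str:
    """Drop every key entry for hostname, like `ssh-keygen -R hostname`."""
    kept = []
    for line in known_hosts.splitlines():
        parts = line.split(None, 1)
        if len(parts) < 2 or line.startswith("#"):
            kept.append(line)            # comments and blank lines pass through
            continue
        field, rest = parts
        if field.startswith(HASH_MAGIC):
            if hashed_field_matches(field, hostname):
                continue                 # a hashed field names one host: drop the line
        else:
            names = [n for n in field.split(",") if n != hostname]
            if not names:
                continue                 # hostname was the only name on the line
            line = ",".join(names) + " " + rest
        kept.append(line)
    return "\n".join(kept) + ("\n" if known_hosts.endswith("\n") else "")
```

Hosts recorded with a non-default port appear as `[host]:port` and must be passed in that form.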