OpenSSH
Harden SSH Access
- harden_ssh.sh
#!/bin/bash
# Harden sshd_config: no password, root or empty-password logins,
# no Kerberos/GSSAPI authentication, no X11 forwarding.
set -euo pipefail

CONF=/etc/ssh/sshd_config
cp "$CONF" "$CONF.orig"    # back up the original config

# Show the current line(s) for an option, then force it to "no".
# Also rewrites a commented-out line (e.g. "#PasswordAuthentication yes"),
# which a plain 's/X yes/X no/' would leave commented and therefore inactive.
set_no() {
    local key=$1
    local pat="^[[:space:]]*#?[[:space:]]*$key[[:space:]]"
    grep -E "$pat" "$CONF" || true
    if grep -Eq "$pat" "$CONF"; then
        sed -i -E "s/$pat.*/$key no/" "$CONF"
    else
        # Option not present at all: insert it at the top of the file
        sed -i "1i $key no" "$CONF"
    fi
}

for key in PasswordAuthentication PermitRootLogin PermitEmptyPasswords \
           KerberosAuthentication GSSAPIAuthentication X11Forwarding; do
    set_no "$key"
done

sshd -t                          # validate the config before restarting
systemctl restart sshd.service
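Added example (not part of the original wiki page): a read-only audit of the six options the hardening script sets. An option that appears only as a comment is not set, and sshd keeps the first value it reads, so the check looks at the first uncommented line before any Match block. The function names and the sample config are constructed for this illustration.

```shell
#!/bin/bash
# Print the effective global value of option $2 in file $1: the first
# uncommented occurrence before any Match block (sshd keeps the first value
# it obtains; keywords are case-insensitive). Prints nothing if unset.
effective_value() {
    awk -v key="$2" '
        NF == 0 || $1 ~ /^#/        { next }   # blank line or comment
        tolower($1) == "match"      { exit }   # global section ends here
        tolower($1) == tolower(key) { print tolower($2); exit }
    ' "$1"
}

# Print one line per option; return the number of options not set to "no".
audit_sshd_config() {
    local file=$1 key value findings=0
    for key in PasswordAuthentication PermitRootLogin PermitEmptyPasswords \
               KerberosAuthentication GSSAPIAuthentication X11Forwarding; do
        value=$(effective_value "$file" "$key")
        if [ "$value" = "no" ]; then
            echo "OK    $key no"
        else
            echo "FAIL  $key ${value:-unset (commented out or missing)}"
            findings=$((findings + 1))
        fi
    done
    return "$findings"
}

# Constructed sample config (not taken from a real host).
sample_config() {
    cat <<'EOF'
#PermitRootLogin prohibit-password
#PasswordAuthentication no
PermitEmptyPasswords no
kerberosauthentication no
GSSAPIAuthentication no
X11Forwarding yes
X11Forwarding no
Match User backup
    PasswordAuthentication no
EOF
}

# Demo: audit the sample; on a real host pass /etc/ssh/sshd_config instead.
demo_file=$(mktemp)
sample_config > "$demo_file"
audit_sshd_config "$demo_file" || echo "$? option(s) not hardened"
rm -f "$demo_file"
```

On a live host, sshd -T prints the configuration sshd actually uses, including files pulled in by Include, which this file-level check does not follow.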
Regenerate Host Keys
1. Regenerate Host Keys
sudo rm -v /etc/ssh/ssh_host_*  # delete old host keys
sudo dpkg-reconfigure openssh-server  # create new set of keys
sudo systemctl restart ssh  # restart service
2. Delete old Public Keys from clients' known_hosts files
linux/remote_access/openssh.txt · Last modified: 2024/03/12 16:33 by gsys