fachinformatiker-wiki

it's easy when it's here

User Tools

Site Tools

Trace: Nexcloud M/Monit OpenSSH System Center Operations Manager 2007 R2
linux:remote_access:openssh

Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Next revision		Previous revision
linux:remote_access:openssh [2022/11/12 16:19] – created gsyslinux:remote_access:openssh [2026/03/12 20:37] (current) – [Regenerate Host Keys] gsys
Line 1: Line 1:
 ====== OpenSSH ====== ====== OpenSSH ======
  
 +===== Permissions =====
 +
 +<code>
 +^ File/Folder             ^ Numeric  ^ Bitwise    ^
 +| ~/.ssh                  | 700      | drwx------ |
 +| ~/.ssh/id_rsa.pub       | 644      | -rw-r--r-- |
 +| ~/.ssh/id_rsa           | 600      | -rw------- |
 +| ~/.ssh/authorized_keys  | 600      | -rw------- |
 +| ~/.ssh/config           | 600      | -rw------- |
 +</code>
 ===== Harden SSH Access ====== ===== Harden SSH Access ======
  
 <file bash harden_ssh.sh> <file bash harden_ssh.sh>
 #!/bin/bash #!/bin/bash
 +
 cp /etc/ssh/sshd_config /etc/ssh/sshd_config.orig cp /etc/ssh/sshd_config /etc/ssh/sshd_config.orig
-  + 
-grep "PasswordAuthentication yes" /etc/ssh/sshd_config | sed -i 's/#PasswordAuthentication yes/PasswordAuthentication no/g' /etc/ssh/sshd_config+grep "PasswordAuthentication" /etc/ssh/sshd_config 
 +grep "PasswordAuthentication yes" /etc/ssh/sshd_config | sed -i 's/PasswordAuthentication yes/PasswordAuthentication no/g' /etc/ssh/sshd_config 
 + 
 +grep "PermitRootLogin" /etc/ssh/sshd_config
 grep "PermitRootLogin yes" /etc/ssh/sshd_config | sed -i 's/PermitRootLogin yes/PermitRootLogin no/g' /etc/ssh/sshd_config grep "PermitRootLogin yes" /etc/ssh/sshd_config | sed -i 's/PermitRootLogin yes/PermitRootLogin no/g' /etc/ssh/sshd_config
-grep "PermitEmptyPasswords no" /etc/ssh/sshd_config | sed -i 's/#PermitEmptyPasswords no/PermitEmptyPasswords no/g' /etc/ssh/sshd_config 
-grep "KerberosAuthentication no" /etc/ssh/sshd_config | sed -i 's/#KerberosAuthentication no/KerberosAuthentication no/g' /etc/ssh/sshd_config 
-grep "GSSAPIAuthentication no" /etc/ssh/sshd_config | sed -i 's/#GSSAPIAuthentication no/GSSAPIAuthentication no/g' /etc/ssh/sshd_config 
  
-systemctl ssh restart+grep "PermitEmptyPasswords" /etc/ssh/sshd_config 
 +grep "PermitEmptyPasswords no" /etc/ssh/sshd_config | sed -i 's/PermitEmptyPasswords no/PermitEmptyPasswords no/g' /etc/ssh/sshd_config 
 + 
 +grep "KerberosAuthentication" /etc/ssh/sshd_config 
 +grep "KerberosAuthentication no" /etc/ssh/sshd_config | sed -i 's/KerberosAuthentication no/KerberosAuthentication no/g' /etc/ssh/sshd_config 
 + 
 +grep "GSSAPIAuthentication" /etc/ssh/sshd_config 
 +grep "GSSAPIAuthentication no" /etc/ssh/sshd_config | sed -i 's/GSSAPIAuthentication no/GSSAPIAuthentication no/g' /etc/ssh/sshd_config 
 + 
 +grep "X11Forwarding" /etc/ssh/sshd_config 
 +grep "X11Forwarding yes" /etc/ssh/sshd_config | sed -i 's/X11Forwarding yes/X11Forwarding no/g' /etc/ssh/sshd_config 
 + 
 +systemctl restart sshd.service
 </file> </file>
 +
 +
 +===== Regenerate Host Keys =====
 +
 +1. Regeneate Host Keys
 +<code>
 +sudo rm -v /etc/ssh/ssh_host_*          # delete old host keys
 +sudo dpkg-reconfigure openssh-server    # create new set of keys
 +sudo systemctl restart sshd             # restart service
 +</code>
 +
 +2. Delete old Public Keys from clients known_hosts files
linux/remote_access/openssh.1668266351.txt.gz · Last modified: (external edit)