fachinformatiker-wiki

it's easy when it's here

User Tools

Site Tools

Trace:
linux:remote_access:openssh

Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revisionPrevious revision
Next revision		Previous revision
linux:remote_access:openssh [2022/11/12 16:33] gsyslinux:remote_access:openssh [2024/03/12 16:33] (current) – [Regenerate Host Keys] gsys
Line 5: Line 5:
 <file bash harden_ssh.sh> <file bash harden_ssh.sh>
 #!/bin/bash #!/bin/bash
 +
 cp /etc/ssh/sshd_config /etc/ssh/sshd_config.orig cp /etc/ssh/sshd_config /etc/ssh/sshd_config.orig
-grep "PasswordAuthentication yes" /etc/ssh/sshd_config 
-grep "PasswordAuthentication yes" /etc/ssh/sshd_config | sed -i 's/#PasswordAuthentication yes/PasswordAuthentication no/g' /etc/ss> 
  
-grep "PermitRootLogin prohibit-password" /etc/ssh/sshd_config +grep "PasswordAuthentication" /etc/ssh/sshd_config 
-grep "PermitRootLogin prohibit-password" /etc/ssh/sshd_config | sed -i 's/PermitRootLogin prohibit-password/PermitRootLogin no/g' />+grep "PasswordAuthentication yes" /etc/ssh/sshd_config | sed -i 's/PasswordAuthentication yes/PasswordAuthentication no/g' /etc/ssh/sshd_config
  
-grep "PermitEmptyPasswords no" /etc/ssh/sshd_config +grep "PermitRootLogin" /etc/ssh/sshd_config 
-grep "PermitEmptyPasswords no" /etc/ssh/sshd_config | sed -i 's/#PermitEmptyPasswords no/PermitEmptyPasswords no/g' /etc/ssh/sshd_c>+grep "PermitRootLogin yes" /etc/ssh/sshd_config | sed -i 's/PermitRootLogin yes/PermitRootLogin no/g' /etc/ssh/sshd_config
  
-grep "KerberosAuthentication no" /etc/ssh/sshd_config +grep "PermitEmptyPasswords" /etc/ssh/sshd_config 
-grep "KerberosAuthentication no" /etc/ssh/sshd_config | sed -i 's/#KerberosAuthentication no/KerberosAuthentication no/g' /etc/ssh/>+grep "PermitEmptyPasswords no" /etc/ssh/sshd_config | sed -i 's/PermitEmptyPasswords no/PermitEmptyPasswords no/g' /etc/ssh/sshd_config
  
-grep "GSSAPIAuthentication no" /etc/ssh/sshd_config +grep "KerberosAuthentication" /etc/ssh/sshd_config 
-grep "GSSAPIAuthentication no" /etc/ssh/sshd_config | sed -i 's/#GSSAPIAuthentication no/GSSAPIAuthentication no/g' /etc/ssh/sshd_c>+grep "KerberosAuthentication no" /etc/ssh/sshd_config | sed -i 's/KerberosAuthentication no/KerberosAuthentication no/g' /etc/ssh/sshd_config 
 + 
 +grep "GSSAPIAuthentication" /etc/ssh/sshd_config 
 +grep "GSSAPIAuthentication no" /etc/ssh/sshd_config | sed -i 's/GSSAPIAuthentication no/GSSAPIAuthentication no/g' /etc/ssh/sshd_config 
 + 
 +grep "X11Forwarding" /etc/ssh/sshd_config 
 +grep "X11Forwarding yes" /etc/ssh/sshd_config | sed -i 's/X11Forwarding yes/X11Forwarding no/g' /etc/ssh/sshd_config
  
 systemctl restart sshd.service systemctl restart sshd.service
 </file> </file>
 +
 +
 +===== Regenerate Host Keys =====
 +
 +1. Regeneate Host Keys
 +<code>
 +sudo rm -v /etc/ssh/ssh_host_*          # delete old host keys
 +sudo dpkg-reconfigure openssh-server    # create new set of keys
 +sudo systemctl restart ssh              # restart service
 +</code>
 +
 +2. Delete old Public Keys from clients known_hosts files
linux/remote_access/openssh.1668267199.txt.gz · Last modified: (external edit)