fachinformatiker-wiki

it's easy when it's here

User Tools

Site Tools

Trace: Komprimierte VMDKs konvertieren fail2ban Minecraft-Server Control-Script PowerShell Befehle
linux:remote_access:openssh

Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revisionPrevious revision
Next revision		Previous revision
linux:remote_access:openssh [2022/11/16 18:53] – external edit 127.0.0.1linux:remote_access:openssh [2026/03/12 20:37] (current) – [Regenerate Host Keys] gsys
Line 1: Line 1:
 ====== OpenSSH ====== ====== OpenSSH ======
  
 +===== Permissions =====
 +
 +<code>
 +^ File/Folder             ^ Numeric  ^ Bitwise    ^
 +| ~/.ssh                  | 700      | drwx------ |
 +| ~/.ssh/id_rsa.pub       | 644      | -rw-r--r-- |
 +| ~/.ssh/id_rsa           | 600      | -rw------- |
 +| ~/.ssh/authorized_keys  | 600      | -rw------- |
 +| ~/.ssh/config           | 600      | -rw------- |
 +</code>
 ===== Harden SSH Access ====== ===== Harden SSH Access ======
  
Line 9: Line 19:
  
 grep "PasswordAuthentication" /etc/ssh/sshd_config grep "PasswordAuthentication" /etc/ssh/sshd_config
-grep "PasswordAuthentication yes" /etc/ssh/sshd_config | sed -i 's/#PasswordAuthentication yes/PasswordAuthentication no/g' /etc/ssh/sshd_config+grep "PasswordAuthentication yes" /etc/ssh/sshd_config | sed -i 's/PasswordAuthentication yes/PasswordAuthentication no/g' /etc/ssh/sshd_config
  
 grep "PermitRootLogin" /etc/ssh/sshd_config grep "PermitRootLogin" /etc/ssh/sshd_config
-grep "PermitRootLogin prohibit-password" /etc/ssh/sshd_config | sed -i 's/#PermitRootLogin prohibit-password/PermitRootLogin no/g' /etc/ssh/sshd_config+grep "PermitRootLogin yes" /etc/ssh/sshd_config | sed -i 's/PermitRootLogin yes/PermitRootLogin no/g' /etc/ssh/sshd_config
  
 grep "PermitEmptyPasswords" /etc/ssh/sshd_config grep "PermitEmptyPasswords" /etc/ssh/sshd_config
-grep "PermitEmptyPasswords no" /etc/ssh/sshd_config | sed -i 's/#PermitEmptyPasswords no/PermitEmptyPasswords no/g' /etc/ssh/sshd_config+grep "PermitEmptyPasswords no" /etc/ssh/sshd_config | sed -i 's/PermitEmptyPasswords no/PermitEmptyPasswords no/g' /etc/ssh/sshd_config
  
 grep "KerberosAuthentication" /etc/ssh/sshd_config grep "KerberosAuthentication" /etc/ssh/sshd_config
-grep "KerberosAuthentication no" /etc/ssh/sshd_config | sed -i 's/#KerberosAuthentication no/KerberosAuthentication no/g' /etc/ssh/sshd_config+grep "KerberosAuthentication no" /etc/ssh/sshd_config | sed -i 's/KerberosAuthentication no/KerberosAuthentication no/g' /etc/ssh/sshd_config
  
 grep "GSSAPIAuthentication" /etc/ssh/sshd_config grep "GSSAPIAuthentication" /etc/ssh/sshd_config
-grep "GSSAPIAuthentication no" /etc/ssh/sshd_config | sed -i 's/#GSSAPIAuthentication no/GSSAPIAuthentication no/g' /etc/ssh/sshd_config+grep "GSSAPIAuthentication no" /etc/ssh/sshd_config | sed -i 's/GSSAPIAuthentication no/GSSAPIAuthentication no/g' /etc/ssh/sshd_config
  
 grep "X11Forwarding" /etc/ssh/sshd_config grep "X11Forwarding" /etc/ssh/sshd_config
Line 28: Line 38:
 systemctl restart sshd.service systemctl restart sshd.service
 </file> </file>
 +
 +
 +===== Regenerate Host Keys =====
 +
 +1. Regeneate Host Keys
 +<code>
 +sudo rm -v /etc/ssh/ssh_host_*          # delete old host keys
 +sudo dpkg-reconfigure openssh-server    # create new set of keys
 +sudo systemctl restart sshd             # restart service
 +</code>
 +
 +2. Delete old Public Keys from clients known_hosts files
linux/remote_access/openssh.1668621231.txt.gz · Last modified: (external edit)