SSH – successor and vanquisher of telnet, a standard of the communication protocols running on transport layer (tcp) of OSI Model. In this post I show my way of tweaking its security and comfort of use. The best way of linux system manipulation.
1. on your host, generate the certificate for authentication on ssh server. Typically permissions: .ssh dir (700), public key (644), private key (600).
ssh-keygen -o -a 100 -t ed25519
2. copy public cert into ssh server and add it to authenticated keys, where USERNAME stands for a user of the server
ssh-copy-id -i .ssh/id_ed25519.pub USERNAME@10.10.10.10
3. edit the ssh server config file
vi /etc/ssh/sshd_config
4. from the multiple settings edit only the following:
Port 2233 LogLevel VERBOSE PermitRootLogin no AllowUsers USERNAME PubkeyAuthentication yes PermitEmptyPasswords no PasswordAuthentication no
5.1 for manipulate selinux We need
yum install policycoreutils-python
5.2. if above command not working, probably you have to install:
semanage port -a -t ssh_port_t -p tcp 2233 restorecon -Rv ~/.ssh
6. restart the service
systemctl restart sshd.service