Secure secure shell

SSH is the successor and vanquisher of telnet, a standard communication protocol running over the transport layer (TCP) of the OSI model. In this post I show my way of tweaking its security and comfort of use. It is the best way of manipulating a Linux system.

1. on your host, generate the key pair for authentication on the ssh server. Typical permissions: .ssh dir (700), public key (644), private key (600).

ssh-keygen -o -a 100 -t ed25519

2. copy the public key to the ssh server and add it to the authorized keys, where USERNAME stands for a user of the server

ssh-copy-id -i ~/.ssh/id_ed25519.pub USERNAME@10.10.10.10

3. edit the ssh server config file

vi /etc/ssh/sshd_config

4. from the multiple settings edit only the following:

Port 2233
LogLevel VERBOSE
PermitRootLogin no
AllowUsers USERNAME
PubkeyAuthentication yes
PermitEmptyPasswords no
PasswordAuthentication no

5.1. to manipulate SELinux we need

yum install policycoreutils-python

5.2. if the above command does not work, you probably have to install:

semanage port -a -t ssh_port_t -p tcp 2233
restorecon -Rv ~/.ssh

6. restart the service

systemctl restart sshd.service
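
Before the restart in step 6 it is worth confirming that the file really carries the values from step 4: sshd uses the first value it finds for a keyword, so an earlier line can silently override a later one, and a wrong PasswordAuthentication or AllowUsers can lock you out. The script below is an added example, not part of the original post; the function names are hypothetical, and it assumes no Include files and unquoted values.

```sh
#!/bin/sh
# Added example (not from the original post): audit an sshd_config-style file
# against the step 4 settings. Assumptions: no Include files, unquoted values.

# effective_value FILE KEYWORD: print the value sshd would use from FILE.
# sshd keeps the FIRST value seen for a keyword and keywords are
# case-insensitive; the global section ends at the first Match line.
effective_value() {
    awk -v key="$2" '
        { sub(/#.*/, "") }                      # drop comments
        tolower($1) == "match" { exit }
        tolower($1) == tolower(key) {
            $1 = ""; sub(/^[ \t]+/, ""); print; exit
        }
    ' "$1"
}

lower() { printf '%s' "$1" | tr 'A-Z' 'a-z'; }

# audit_sshd_config FILE: print OK/FAIL per setting; non-zero status on any FAIL.
audit_sshd_config() {
    file=$1; bad=0
    while read -r key want; do
        got=$(effective_value "$file" "$key")
        if [ "$(lower "$got")" = "$(lower "$want")" ]; then
            echo "OK    $key $got"
        else
            echo "FAIL  $key: want '$want', found '${got:-unset}'"
            bad=$((bad + 1))
        fi
    done <<EOF
Port 2233
LogLevel VERBOSE
PermitRootLogin no
PubkeyAuthentication yes
PermitEmptyPasswords no
PasswordAuthentication no
EOF
    # AllowUsers is site-specific, so only require that it is set at all.
    if [ -n "$(effective_value "$file" AllowUsers)" ]; then
        echo "OK    AllowUsers is set"
    else
        echo "FAIL  AllowUsers: not set, no user allow-list in effect"
        bad=$((bad + 1))
    fi
    [ "$bad" -eq 0 ]
}
```

Call it as `audit_sshd_config /etc/ssh/sshd_config`; it also accepts the output of `sshd -T` saved to a file, which includes defaults and included files. Keep the current session open and test a second login on the new port before closing it.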
