Securing the SSH server

This is my checklist of TODO things to make my SSH daemons more "Internet-ready":

  1. Copy my public key to the remote host:
ssh-copy-id remote_host
  1. Login on the remote host
ssh remote_host
  1. Edit the /etc/ssh/sshd_config file and change the following configuration options:
ChallengeResponseAuthentication no
LoginGraceTime 30
MaxStartups 2:30:10
PasswordAuthentication no
PermitRootLogin no
PubkeyAuthentication yes
UsePAM no
  1. Restart the SSH daemon, but don't disconnect the SSH session:
sudo service ssh restart
  1. Open another shell and verify that pubkey authentication now works:
ssh -v remote_host
  1. Observe that:
  2. Now I logged without typing my password
  3. The SSH client printed the following message:
debug: Authentication succeeded (publickey)

That's it.

See Archives for a complete list of articles