Professional Documents
Culture Documents
Linux Security Best Practices (Part 2)
Linux Security Best Practices (Part 2)
Installed by default
May need to be allowed through the firewall
Certificate authentication may need to be configured
Disable SSHv1
vi /etc/ssh/sshd_config
Protocol 2
systemctl restart sshd
Take note of key names/locations
Server keys are stored in /etc/ssh
You will want to generate new keys
[?] What is the best way to distribute the public key to users?
/etc/ssh/ssh_host_ecdsa_key.pub
ssh-keyscan <host>
ssh-keyscan 192.168.0.100 >> ~/.ssh/known_hosts
StrictHostKeyChecking
Client connections
ssh <username>@<hostname>
ssh -l <username> <hostname>
Configuration file is /etc/ssh/ssh_config
Options
-1 v1 Only
-2 v2 Only
-4 IPv4 Only
-6 IPv6 Only