Created
July 12, 2019 22:21
-
-
Save RomelSan/1842ed596d83a4deb59d0b1ede6e4137 to your computer and use it in GitHub Desktop.
SSH service Linux
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| * start the SSH service with systemctl | |
| sudo systemctl enable ssh | |
| sudo systemctl start ssh | |
| sudo systemctl restart sshd | |
| * Allow Or Deny SSH Access To A Particular User Or Group In Linux | |
| sudo nano /etc/ssh/sshd_config | |
| * Add or edit the following line: | |
| AllowUsers myUserName | |
| * You can also specify more than one user as shown below. | |
| AllowUsers myUserName otherUser | |
| * To allow an entire group, say for example root, add/edit the following line: | |
| AllowGroups root | |
| * Deny SSH Access to a user or group | |
| DenyUsers myUserName | |
| DenyGroups root | |
| * Root ssh access is considered a bad practice in terms of security. | |
| * Find the following line, Uncomment it, and set the value to no. | |
| PermitRootLogin no | |
| * Regenerate SSH keys | |
| sudo rm /etc/ssh/ssh_host* | |
| sudo ssh-keygen -A | |
| * Regenerate with custom SSH key (ed25519 is 256bits) | |
| sudo ssh-keygen -b 4096 -h -f /etc/ssh/ssh_host_rsa_key | |
| sudo ssh-keygen -t ed25519 -h -f /etc/ssh/ssh_host_ed25519_key | |
| + Note | |
| Host keys needs to be copied to /etc/ssh, | |
| permissions changed to 644 for public key, | |
| 600 for the private key, | |
| and owner changed to root:root. |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment