@i-blis
Created May 25, 2014 19:53
Best practices for ssh access to remote (production) server

Disallowing root access with password authentication

On machines with a single sysadmin where the root account is enabled, it can still be convenient to allow root login by key pair only, with remote password login for root disabled. To this end, /etc/sshd_config should have the following lines:

PermitRootLogin without-password

PubkeyAuthentication yes

With these settings, sshd still prompts for the root password, but the login is refused even if the password is correct.
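One way to check that a server really ends up with this policy, as an added example that is not part of the original gist: the hypothetical function `audit_root_login` reads sshd_config-style text and reports whether root can still log in with a password. It also accepts `prohibit-password`, the name newer OpenSSH releases use for the same setting; the verdict strings and the sample inputs are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the gist): audit the root-login settings discussed above.
# Reads sshd_config-style text, or `sshd -T` output, on stdin; prints one verdict line.
# Exit status: 0 when root cannot log in with a password, 1 otherwise.
audit_root_login() {
    awk '
        /^[ \t]*#/ || NF == 0 { next }         # skip comments and blank lines
        tolower($1) == "match" { exit }        # global scope only: stop at the first Match block
        {
            key = tolower($1)                  # keywords are case-insensitive
            if (!(key in seen)) seen[key] = tolower($2)   # sshd keeps the first value it reads
        }
        END {
            root = ("permitrootlogin" in seen) ? seen["permitrootlogin"] : "unset"
            pub  = ("pubkeyauthentication" in seen) ? seen["pubkeyauthentication"] : "yes"
            if (root == "no") { print "OK root-login-disabled"; exit 0 }
            if (root == "forced-commands-only") { print "OK root-forced-commands-only"; exit 0 }
            if (root == "without-password" || root == "prohibit-password") {
                if (pub == "yes") { print "OK root-key-only"; exit 0 }
                print "WARN root-key-only-but-pubkey-disabled"; exit 1
            }
            if (root == "yes") { print "FAIL root-password-login-allowed"; exit 1 }
            # Unset or unrecognised: the built-in default differs between OpenSSH versions.
            print "WARN permitrootlogin-" root; exit 1
        }'
}

# Constructed sample 1: the two lines from this page.
audit_root_login <<'EOF'
PermitRootLogin without-password
PubkeyAuthentication yes
EOF

# Constructed sample 2: the hardened line is commented out, so a later "yes" applies.
audit_root_login <<'EOF' || true
#PermitRootLogin without-password
PermitRootLogin yes
EOF
```

On a server, `sshd -T | audit_root_login` checks the effective configuration rather than the file; `sshd -T` normally has to run as root.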

Convenience setup on the client side

Set up aliases for the most commonly used remote hosts

  • Create a file named config in ~/.ssh on the client side, or copy the system-wide ssh client configuration file from /etc/ssh_config (/private/etc/ssh_config on OS X) to that location
  • Add a host block for each host to be aliased in the following way:
Host <alias>
   Hostname <host's name or ip address>

Host <alias>
   Hostname <host's name or ip address>
   User <username>
   Port <port>

Auto-completion on hostnames

The shell auto-completes hostnames from ~/.ssh/known_hosts.
