Differences

This shows you the differences between two versions of the page.

--- ubuntu:ssh [2019/11/24 14:18] – created peter
+++ ubuntu:ssh [2025/05/21 09:50] (current) – peter
@@ Line 1: / Line 1: @@
 ====== SSH ======
-[[SSH:Blacklist a public key|Blacklist a public key]]
+SSH, or Secure Shell, enables users to connect to a remote server securely.
-[[SSH:Check the Current SSH Ports|Check the Current SSH Ports]]
+  * the main advantage is server authentication, through the use of public key cryptography.
-[[SSH:Configure sshd|Configure sshd]]
+Here are a few things you need to tweak in order to improve SSH server security.
-[[SSH:Configure sshd with multiple authentication factors|Configure sshd with multiple authentication factors]]
+<WRAP important>
+**IMPORTANT:**  Before making any modifications to the **/etc/sshd_config** file, make a backup by:
-[[SSH:Configuring sshd|Configuring sshd]]
+<code bash>
+sudo cp /etc/ssh/sshd_config /etc/ssh/sshd_config.factory-defaults
+</code>
-[[SSH:Disabling sshd|Disabling sshd]]
+...and
-[[SSH:Distribute public keys|Distribute public keys]]
+<code bash>
+sudo chmod a-w /etc/ssh/sshd_config.factory-defaults
+</code>
+</WRAP>
-[[SSH:Get the host's fingerprint|Get the host's fingerprint]]
+<WRAP info>
+**NOTE**: Not all of the possible changes mentioned below have to be made.
-[[SSH:Install SSH|Install SSH]]
+Some changes are not recommended to be made but may offer tighter security depending on your requirements.
+</WRAP>
-[[SSH:Limit user logins|Limit user logins]]
+----
-[[SSH:Manage SSH Key File With Passphrase|Manage SSH Key File With Passphrase]]
+[[Ubuntu:SSH:Agent forwarding|Agent forwarding]]
-[[SSH:Override socket-activated SSH|Override socket-activated SSH]]
+[[Ubuntu:SSH:Blacklist a public key|Blacklist a public key]]
-[[SSH:Restart SSH|Restart SSH]]
+[[Ubuntu:SSH:Change the Port|Change the Port]]
-[[SSH:Setup SSH Keys|Setup SSH Keys]]
+[[Ubuntu:SSH:Check the Current SSH Ports|Check the Current SSH Ports]]
-[[SSH:Test mode|Test mode]]
+[[Ubuntu:SSH:Configure sshd|Configure sshd]]
-[[SSH:Troubleshooting SSH|Troubleshooting SSH]]
+[[Ubuntu:SSH:Configure sshd with multiple authentication factors|Configure sshd with multiple authentication factors]]
+[[Ubuntu:SSH:Configuring sshd|Configuring sshd]]
-===== OpenSSH =====
+[[Ubuntu:SSH:Creating public/private key authentication for SSH|Creating public/private key authentication for SSH]]
-OpenSSH is the implementation of the SSH protocol on Ubuntu. OpenSSH is recommended for remote login, making backups, remote file transfer via scp or sftp, and much more. SSH is perfect to keep confidentiality and integrity for data exchanged between two networks and systems. However, the main advantage is server authentication, through the use of public key cryptography.
+[[Ubuntu:SSH:Disable SSH root login|Disable SSH root login]]
-Here are a few things you need to tweak in order to improve OpenSSH server security:
+[[Ubuntu:SSH:Disabling sshd|Disabling sshd]]
-Before making any modifications to the **/etc/sshd_config** file, make a backup by:
+[[Ubuntu:SSH:Distribute public keys|Distribute public keys]]
-<code bash>
+[[Ubuntu:SSH:ERROR - SSH Connection Refused|ERROR - SSH Connection Refused]]
-sudo cp /etc/ssh/sshd_config /etc/ssh/sshd_config.factory-defaults
-</code>
-...and
+[[Ubuntu:SSH:Get the host's fingerprint|Get the host's fingerprint]]
-<code bash>
+[[Ubuntu:SSH:Install SSH|Install SSH]]
-sudo chmod a-w /etc/ssh/sshd_config.factory-defaults
-</code>
+[[Ubuntu:SSH:Limit user logins|Limit user logins]]
+[[Ubuntu:SSH:Manage SSH Key File With Passphrase|Manage SSH Key File With Passphrase]]
+[[Ubuntu:SSH:Override socket-activated SSH|Override socket-activated SSH]]
+[[Ubuntu:SSH:Port Forwarding|Port Forwarding]]
+[[Ubuntu:SSH:Restart SSH|Restart SSH]]
+[[Ubuntu:SSH:Setup SSH Keys|Setup SSH Keys]]
+[[Ubuntu:SSH:SSH Login Message|SSH Login Message]]
+[[Ubuntu:SSH:Test mode|Test mode]]
+[[Ubuntu:SSH:Troubleshooting SSH|Troubleshooting SSH]]
+[[Ubuntu:SSH:Two-Factor Authentication (using Google Authenticator)|Two-Factor Authentication (using Google Authenticator)]]
-**NOTE**: Not all of the possible changes mentioned below have to be made. Some changes are not recommended to be made but may offer tighter security depending on your requirements.
+[[Ubuntu:SSH:Use SSH without a password|Use SSH without a password]]