Differences

This shows you the differences between two versions of the page.

--- ubuntu:ssh [2019/12/04 21:19] – peter
+++ ubuntu:ssh [2025/05/21 09:50] (current) – peter
@@ Line 1: / Line 1: @@
 ====== SSH ======
-[[SSH:Blacklist a public key|Blacklist a public key]]
+SSH, or Secure Shell, enables users to connect to a remote server securely.
-[[SSH:Check the Current SSH Ports|Check the Current SSH Ports]]
+  * the main advantage is server authentication, through the use of public key cryptography.
-[[SSH:Configure sshd|Configure sshd]]
+Here are a few things you need to tweak in order to improve SSH server security.
-[[SSH:Configure sshd with multiple authentication factors|Configure sshd with multiple authentication factors]]
+<WRAP important>
+**IMPORTANT:**  Before making any modifications to the **/etc/sshd_config** file, make a backup by:
-[[SSH:Configuring sshd|Configuring sshd]]
+<code bash>
+sudo cp /etc/ssh/sshd_config /etc/ssh/sshd_config.factory-defaults
+</code>
-[[SSH:Disabling sshd|Disabling sshd]]
+...and
-[[SSH:Distribute public keys|Distribute public keys]]
+<code bash>
+sudo chmod a-w /etc/ssh/sshd_config.factory-defaults
+</code>
+</WRAP>
-[[SSH:Get the host's fingerprint|Get the host's fingerprint]]
+<WRAP info>
+**NOTE**: Not all of the possible changes mentioned below have to be made.
-[[SSH:Install SSH|Install SSH]]
+Some changes are not recommended to be made but may offer tighter security depending on your requirements.
+</WRAP>
-[[SSH:Limit user logins|Limit user logins]]
+----
-[[SSH:Manage SSH Key File With Passphrase|Manage SSH Key File With Passphrase]]
+[[Ubuntu:SSH:Agent forwarding|Agent forwarding]]
-[[SSH:Override socket-activated SSH|Override socket-activated SSH]]
+[[Ubuntu:SSH:Blacklist a public key|Blacklist a public key]]
-[[SSH:Restart SSH|Restart SSH]]
+[[Ubuntu:SSH:Change the Port|Change the Port]]
-[[SSH:Setup SSH Keys|Setup SSH Keys]]
-[[SSH:Test mode|Test mode]]
-[[SSH:Troubleshooting SSH|Troubleshooting SSH]]
-----
-[[Ubuntu:SSH:Blacklist a public key|Blacklist a public key]]
 [[Ubuntu:SSH:Check the Current SSH Ports|Check the Current SSH Ports]]
@@ Line 45: / Line 42: @@
 [[Ubuntu:SSH:Configuring sshd|Configuring sshd]]
+[[Ubuntu:SSH:Creating public/private key authentication for SSH|Creating public/private key authentication for SSH]]
+[[Ubuntu:SSH:Disable SSH root login|Disable SSH root login]]
 [[Ubuntu:SSH:Disabling sshd|Disabling sshd]]
 [[Ubuntu:SSH:Distribute public keys|Distribute public keys]]
+[[Ubuntu:SSH:ERROR - SSH Connection Refused|ERROR - SSH Connection Refused]]
 [[Ubuntu:SSH:Get the host's fingerprint|Get the host's fingerprint]]
@@ Line 59: / Line 62: @@
 [[Ubuntu:SSH:Override socket-activated SSH|Override socket-activated SSH]]
+[[Ubuntu:SSH:Port Forwarding|Port Forwarding]]
 [[Ubuntu:SSH:Restart SSH|Restart SSH]]
 [[Ubuntu:SSH:Setup SSH Keys|Setup SSH Keys]]
+[[Ubuntu:SSH:SSH Login Message|SSH Login Message]]
 [[Ubuntu:SSH:Test mode|Test mode]]
@@ Line 68: / Line 75: @@
 [[Ubuntu:SSH:Troubleshooting SSH|Troubleshooting SSH]]
+[[Ubuntu:SSH:Two-Factor Authentication (using Google Authenticator)|Two-Factor Authentication (using Google Authenticator)]]
-----
+[[Ubuntu:SSH:Use SSH without a password|Use SSH without a password]]
-===== OpenSSH =====
-OpenSSH is the implementation of the SSH protocol on Ubuntu.
-OpenSSH is recommended for remote login, making backups, remote file transfer via scp or sftp, and much more. SSH is perfect to keep confidentiality and integrity for data exchanged between two networks and systems.
-However, the main advantage is server authentication, through the use of public key cryptography.
-Here are a few things you need to tweak in order to improve OpenSSH server security:
-Before making any modifications to the **/etc/sshd_config** file, make a backup by:
-<code bash>
-sudo cp /etc/ssh/sshd_config /etc/ssh/sshd_config.factory-defaults
-</code>
-...and
-<code bash>
-sudo chmod a-w /etc/ssh/sshd_config.factory-defaults
-</code>
-**NOTE**: Not all of the possible changes mentioned below have to be made. Some changes are not recommended to be made but may offer tighter security depending on your requirements.