This is an old revision of the document!

SSH - Configuring sshd

Disable logins for the root user, only allow login for the core user and disable password based authentication.

permissions: 0600 owner: root:root

# Use most defaults for sshd configuration.
UsePrivilegeSeparation sandbox
Subsystem sftp internal-sftp
 
PermitRootLogin no
AllowUsers core
PasswordAuthentication no
ChallengeResponseAuthentication no

Changing the sshd port

With socket-activated SSH by default. The configuration for this can be found at /usr/lib/systemd/system/sshd.socket.

/usr/lib/systemd/system/sshd.socket

[Socket]
ListenStream=2222
FreeBind=true
Accept=yes

sshd will now listen only on port 2222 on all interfaces when the system is built.

Multiple ListenStream lines can be specified, in which case sshd will listen on all the specified sockets:

/usr/lib/systemd/system/sshd.socket

[Socket]
ListenStream=2222
ListenStream=10.20.30.40:2223
FreeBind=true

sshd will now listen to port 2222 on all configured addresses, and port 2223 on 10.20.30.40.

Wiki

Table of Contents

SSH - Configuring sshd

Disable logins for the root user, only allow login for the core user and disable password based authentication.

Changing the sshd port

Table of Contents

SSH - Configuring sshd

Disable logins for the **root** user, only allow login for the core user and disable password based authentication.

Changing the sshd port

Disable logins for the root user, only allow login for the core user and disable password based authentication.