# 005-ssh-hardening

_Tues Sept 21, 2021_

Just a quick note/reminder that one of the FIRST things you should
ALWAYS do on a new machine is make sure:

1. root cannot log in (PermitRootLogin no)
2. passwords are not accepted (ssh-key only -- PasswordAuthentication no)

Both these are set under `/etc/ssh/sshd_config`. Make sure to upload
your `~/.ssh/id_rsa.pub` first to `~/.ssh/authorized_keys` (so as not
to lock yourself out!) and then make the edits and reload the daemon:

    # rcctl reload sshd

We waited literally only 4 hrs to do this and we already had script
kiddies knocking down our /var/log/authlog :(

If my old coworker Joe was right about one thing, it's that the
internet these days is a cesspool.
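
A pre-reload check for the two settings and the lockout guard above, as an added example that is not part of the original note. The function names and the `audit.sh` file name are made up for illustration, and the script reads only the file it is given (it does not follow Include directives).

```sh
#!/bin/sh
# Added example (not from the original note): audit an sshd_config file.
# sshd keeps the FIRST value it reads for a keyword, keywords are
# case-insensitive, and anything after a Match line is conditional, so
# only the global section is evaluated here. Include files are not followed.

# effective_value FILE KEYWORD DEFAULT -> global effective value, lowercased
effective_value() {
    awk -v key="$2" -v def="$3" '
        BEGIN { key = tolower(key); val = tolower(def) }
        /^[ \t]*#/ || NF == 0 { next }          # comments and blank lines
        { sub(/=/, " ") }                       # tolerate Keyword=value
        tolower($1) == "match" { exit }         # global section ends here
        tolower($1) == key { val = tolower($2); exit }
        END { print val }
    ' "$1"
}

# audit_sshd FILE -> prints findings; return status = number of findings
audit_sshd() {
    fails=0
    # Defaults are the OpenSSH built-ins used when a keyword is absent.
    root=$(effective_value "$1" PermitRootLogin prohibit-password)
    pass=$(effective_value "$1" PasswordAuthentication yes)
    [ "$root" = "no" ] || { echo "FAIL PermitRootLogin=$root (want no)"; fails=$((fails + 1)); }
    [ "$pass" = "no" ] || { echo "FAIL PasswordAuthentication=$pass (want no)"; fails=$((fails + 1)); }
    return "$fails"
}

# has_key FILE -> success if FILE holds at least one public-key line
# (the lockout guard: check this BEFORE disabling passwords)
has_key() {
    [ -s "$1" ] &&
        grep -Eq '^[^#]*(ssh-(rsa|ed25519)|ecdsa-sha2-)[^ ]* +[A-Za-z0-9+/=]+' "$1"
}

# Stand-alone use: sh audit.sh /etc/ssh/sshd_config ~/.ssh/authorized_keys
if [ "$#" -ge 2 ]; then
    has_key "$2" || echo "FAIL no public key in $2 (lockout risk)"
    audit_sshd "$1"
fi
```

As root, `sshd -t` checks the edited file for syntax errors before the reload, and `sshd -T` prints the effective configuration the daemon will use.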