---
title: 005-ssh-hardening
---

# 005-ssh-hardening

Tues Sept 21, 2021

Just a quick note/reminder that one of the FIRST things you should
ALWAYS do on a new machine is make sure:

1. root cannot log in (PermitRootLogin no)
2. passwords are not accepted (ssh-key only -- PasswordAuthentication no)

Both of these are set in /etc/ssh/sshd_config. Make sure to upload
your ~/.ssh/id_rsa.pub to the machine's ~/.ssh/authorized_keys first
(so as not to lock yourself out!) and then make the edits and reload
the daemon:

```
# rcctl reload sshd
```

We waited literally only 4 hrs to do this and we already had script
kiddies knocking down our /var/log/authlog :(

If my old coworker Joe was right about one thing, it's that the
internet these days is a cesspool.
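A pre-reload check for the two sshd_config settings and the authorized_keys step described above, as an added example that is not part of the original note. The function names are hypothetical, and the sample config and key are constructed.

```shell
#!/bin/sh
# Added example; reads one file only and does not follow Include (assumption).

# effective_value FILE KEYWORD -> value sshd uses in the global section.
# Keywords are case-insensitive, the first occurrence wins, and lines after
# the first Match are conditional, so they are not counted.
effective_value() {
    awk -v want="$2" '
        BEGIN { want = tolower(want) }
        { sub(/^[ \t]+/, ""); sub(/[ \t]*=[ \t]*/, " ") }  # allow "Key=value"
        /^#/ || /^$/ { next }
        tolower($1) == "match" { exit }
        tolower($1) == want { print tolower($2); exit }
    ' "$1"
}

# has_key FILE -> true if FILE has at least one uncommented public key line.
has_key() {
    [ -f "$1" ] && grep -v '^[[:space:]]*#' "$1" |
        grep -Eq '(^|[[:space:]])(ssh-|ecdsa-|sk-)[^[:space:]]+[[:space:]]+AAAA'
}

# check_hardening CONFIG AUTHORIZED_KEYS -> 0 only if it is safe to reload.
check_hardening() {
    rc=0
    if ! has_key "$2"; then
        echo "FAIL: no public key in $2 (disabling passwords would lock you out)"
        rc=1
    fi
    for kw in PermitRootLogin PasswordAuthentication; do
        val=$(effective_value "$1" "$kw")
        if [ "$val" = "no" ]; then
            echo "ok:   $kw no"
        else
            echo "FAIL: $kw is '${val:-unset}', want 'no'"
            rc=1
        fi
    done
    return "$rc"
}

# Constructed sample input (not a real host's files or key).
demo=$(mktemp -d)
trap 'rm -rf "$demo"' EXIT
printf '%s\n' '#PermitRootLogin no' 'permitrootlogin prohibit-password' \
    'PasswordAuthentication=no' 'Match User backup' ' PermitRootLogin no' >"$demo/sshd_config"
echo 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIconstructed me@laptop' >"$demo/authorized_keys"
check_hardening "$demo/sshd_config" "$demo/authorized_keys" || echo "not safe to reload yet"
```

The sample fails on PermitRootLogin because the commented-out line and the one inside the Match block do not set the global value. On the real machine, point it at /etc/ssh/sshd_config and ~/.ssh/authorized_keys, and run `sshd -t` to syntax-check the file before the reload.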