SSH Server

This page describes installation and secure configuration of an OpenSSH server.

Installation and secure configuration

# apt-get install openssh-server

In /etc/ssh/sshd_config:

AddressFamily inet
PermitRootLogin no
PasswordAuthentication no
ClientAliveInterval 10

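This disables root login and password authentication. AddressFamily inet restricts sshd to IPv4, and ClientAliveInterval 10 makes the server send a keepalive request after 10 seconds without data from the client.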

Restart the SSH server:

# /etc/init.d/ssh restart
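
The following check is an added example, not part of the original page: it audits an sshd_config-style file against the four settings above, taking into account that sshd uses the first value it obtains for a keyword. The function names sshd_value and check_sshd_config and the sample file are assumptions made for the example.

```shell
#!/bin/sh
# Added example, not part of the original page. sshd_value and
# check_sshd_config are hypothetical helper names, not OpenSSH tools.

# Print the global value sshd would use for a keyword. Per sshd_config(5)
# the first value obtained for a keyword wins and keywords are
# case-insensitive. Parsing stops at the first Match block; Include
# files are not followed (assumption: a single config file).
sshd_value() {  # usage: sshd_value <keyword> <file>
    awk -v want="$1" '
        BEGIN { want = tolower(want) }
        /^[ \t]*#/ { next }                   # comment line
        { sub(/=/, " ") }                     # "Keyword=value" form
        NF == 0 { next }                      # blank line
        tolower($1) == "match" { exit }       # conditional overrides follow
        tolower($1) == want { print tolower($2); exit }
    ' "$2"
}

# Compare a file against the four settings from this page.
# Returns 1 if any keyword is missing or has a different value.
check_sshd_config() {  # usage: check_sshd_config <file>
    rc=0
    for pair in addressfamily=inet permitrootlogin=no \
                passwordauthentication=no clientaliveinterval=10; do
        key=${pair%%=*}
        want=${pair#*=}
        got=$(sshd_value "$key" "$1")
        if [ "$got" = "$want" ]; then
            echo "ok    $key $got"
        else
            echo "FAIL  $key is '${got:-unset}', expected '$want'"
            rc=1
        fi
    done
    return "$rc"
}

# Constructed sample: "PermitRootLogin no" was appended below an earlier
# "PermitRootLogin yes", so sshd still allows root login.
sample=$(mktemp)
printf '%s\n' 'AddressFamily inet' 'PermitRootLogin yes' \
    'PasswordAuthentication no' 'ClientAliveInterval 10' \
    'PermitRootLogin no' > "$sample"
check_sshd_config "$sample" || echo "does not match the settings above"
rm -f "$sample"
```

On a live host, sshd -t validates the configuration syntax and sshd -T prints the effective settings, including any Include files, as lowercase "keyword value" lines that the same check can read from a saved file.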

Get fingerprints

# ssh-keygen -lf /etc/ssh/ssh_host_rsa_key.pub
# ssh-keygen -lf /etc/ssh/ssh_host_dsa_key.pub
# ssh-keygen -lf /etc/ssh/ssh_host_ecdsa_key.pub

Login user

As root login is disabled, a separate login user is required.

# adduser foo

Copy the user's public key to /home/foo/.ssh/authorized_keys.

Sudo

Using sudo is also recommended, to avoid using root's password.

# apt-get install sudo

Allow full access for the user, using visudo -f /etc/sudoers.d/server:

foo ALL=(ALL:ALL) ALL

It is also possible to run sudo without entering the password (not recommended):

foo ALL=(ALL:ALL) NOPASSWD: ALL