[{"content":"The most significant change you can make to your SSH authentication is using key-based authentication instead of passwords; this makes it immune to brute-force and dictionary attacks, and more.\n1. Add our public key to the server and force public key authentication\nWe assume you already have a key pair. If not, see Generating a new SSH key and adding it to the ssh-agent.\nFirst we will copy the public key to the server using ssh-copy-id:\nssh-copy-id user@server_address\nImport from GitHub\nIf you have your public key in GitHub, you can import it using the ssh-import-id utility:\nssh-import-id-gh \u0026lt;username\u0026gt;\n2. Enforce Key-Based Authentication\nAfter adding our public key, we will force public key authentication by creating /etc/ssh/sshd_config.d/20-force_publickey_auth.conf (depending on your configuration, we will add this in the sshd_config.d folder):\nPasswordAuthentication no\nAuthenticationMethods publickey\nWarning: Before restarting, ensure you have an active session open. If your config is wrong, you may be locked out.\nAfter forcing public key authentication we will restart the SSH service:\nsudo systemctl restart sshd\nIf you use the ssh daemon instead of sshd, restart ssh.\nBonus. SSH hardening guide\n\u0026ldquo;Allowing remote log-on through SSH is good for administrative purposes, but can pose a threat to your server\u0026rsquo;s security. 
Often the target of brute force attacks, SSH access needs to be limited properly to prevent third parties gaining access to your server.\u0026rdquo; - OpenSSH Arch Wiki\nTo do this we can follow the SSH hardening guides.\nTo check if you have configured it correctly, you can use the ssh-audit utility against your server.\nssh-audit \u0026lt;server IP\u0026gt;\nSources:\nOpenSSH - ArchWiki\nssh-import-id - Ubuntu Manpages\n","permalink":"https://omegadl2.com/posts/secure-ssh-configuration/","summary":"\u003cp\u003eThe most significant change you can make to your SSH authentication is using key-based authentication instead of passwords; this makes it immune to brute-force and dictionary attacks, and more.\u003c/p\u003e\n\u003ch2 id=\"1-add-our-public-key-to-the-server-as-force-public-key-authentication\"\u003e1. Add our public key to the server and force public key authentication\u003c/h2\u003e\n\u003cp\u003eWe assume you already have a key pair. If not, see \u003ca href=\"https://docs.github.com/en/authentication/connecting-to-github-with-ssh/generating-a-new-ssh-key-and-adding-it-to-the-ssh-agent\"\u003eGenerating a new SSH key and adding it to the ssh-agent\u003c/a\u003e.\u003c/p\u003e\n\u003cp\u003eFirst we will copy the public key to the server using \u003cem\u003e\u003cstrong\u003e\u003ccode\u003essh-copy-id\u003c/code\u003e\u003c/strong\u003e\u003c/em\u003e:\u003c/p\u003e","title":"Secure SSH Configuration"}]