updated /etc/ssh readme

2019-01-09 04:04:18 -07:00 · 2019-01-09 04:04:18 -07:00 · a19f626e2b
parent ef9ba96918
commit a19f626e2b
1 changed files with 36 additions and 0 deletions
--- a/config/etc/ssh/readme.md
+++ b/config/etc/ssh/readme.md
@ -0,0 +1,36 @@
+# /etc/ssh: Included files
+
+## SSH server configuration (sshd_config)
+
+This is a pretty basic SSH server setup with a few options initially commented
+out for ease of setup.  You should generate SSH Host Keys and enable the
+relevant lines in the configuration.  In addition, you should generate ssh
+key-pairs for your users and then set both *PermitRootLogin* and
+*PasswordAuthentication* to **no**.
+
+The default configuration included here will:
+- listen on all configured interfaces
+- **listen on non-standard port 222**
+- permit root login
+- permit passwords for authentication
+
+The commented lines indicate the *recommended settings* and appear directly
+before the setting currently enabled that should be changed (i.e. line removed
+and replaced with the commented line above it).
+
+Please see my post at https://mytechiethoughts.com/<post_address> for detailed
+instructions on setting up a secure SSH server.
+
+## Banner file (banner)
+
+This is a sample file that can be displayed upon successful authentication to
+your server via SSH.  It is included only as an example and does not need to be
+used.  You can delete/change/replace it freely.  It is referenced in the
+*sshd_config* on the line that reads:
+
+```ini
+#Banner /etc/ssh/banner
+```
+
+If you want to use the banner file, edit it as desired then uncomment this line
+in your *sshd_config*.