38 lines
1.5 KiB
Markdown
38 lines
1.5 KiB
Markdown
# /etc/ssh: Included files
|
|
|
|
## SSH server configuration (sshd_config)
|
|
|
|
This is a pretty basic SSH server setup with a few options initially commented
|
|
out for ease of setup. You should generate SSH Host Keys and enable the
|
|
relevant lines in the configuration. In addition, you should generate ssh
|
|
key-pairs for your users and then set both *PermitRootLogin* and
|
|
*PasswordAuthentication* to **no**.
|
|
|
|
The default configuration included here will:
|
|
|
|
- listen on all configured interfaces
|
|
- **listen on non-standard port 222**
|
|
- permit root login
|
|
- permit passwords for authentication
|
|
|
|
The commented lines indicate the *recommended settings* and appear directly
|
|
before the setting currently enabled that should be changed (i.e. line removed
|
|
and replaced with the commented line above it).
|
|
|
|
Please see my post at [My Techie-Thoughts](https://mytechiethoughts.com/setting-up-ssh-with-ed25519-user-and-host-keys-for-easy-secure-access/) for detailed
|
|
instructions on setting up a secure SSH server.
|
|
|
|
## Banner file (banner)
|
|
|
|
This is a sample file that can be displayed upon successful authentication to
|
|
your server via SSH. It is included only as an example and does not need to be
|
|
used. You can delete/change/replace it freely. It is referenced in the
|
|
*sshd_config* on the line that reads:
|
|
|
|
```ini
|
|
#Banner /etc/ssh/banner
|
|
```
|
|
|
|
If you want to use the banner file, edit it as desired then un-comment this line
|
|
in your *sshd_config*. If you do not want a banner displayed, simply leave this
|
|
line commented (as-is) in your configuration. |