Lock SSH
```
cat <<EOF >> /etc/ssh/sshd_config
MaxAuthTries 3
PermitRootLogin no
PasswordAuthentication no
PermitEmptyPasswords no
UsePAM yes
PubkeyAuthentication yes
EOF
```
OR
```
sed -i -e 's/#PasswordAuthentication yes/PasswordAuthentication no/i' /etc/ssh/sshd_config
```
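sshd keeps the first value it reads for each keyword, so lines appended to the end of sshd_config, or a sed that only matches the commented-out default, do not override a setting that is already active earlier in the file. The following is an added example, not part of the original page: it reports the effective global value of each keyword from the block above. The function names are hypothetical, an unset keyword is treated as a mismatch, and Include files and Match blocks are not evaluated.

```shell
#!/bin/sh
# Added example: audit the effective global value of each hardening keyword.
# Assumption: first value wins, as in sshd; Include and Match are not evaluated.

# effective_value FILE KEYWORD -> prints the first global value (lowercased), or nothing
effective_value() {
    awk -v want="$2" '
        BEGIN { want = tolower(want) }
        /^[ \t]*(#|$)/ { next }              # skip comments and blank lines
        {
            line = $0
            sub(/^[ \t]+/, "", line)
            n = match(line, /[ \t=]+/)       # keyword/argument separator
            if (n == 0) next
            key = tolower(substr(line, 1, n - 1))
            val = substr(line, n + RLENGTH)
            sub(/[ \t]+$/, "", val)
            if (key == "match") exit         # global section ends at the first Match
            if (key == want) { print tolower(val); exit }
        }' "$1"
}

# audit_sshd_config FILE -> prints one line per mismatch, returns 1 if any
audit_sshd_config() {
    rc=0
    for pair in maxauthtries=3 permitrootlogin=no passwordauthentication=no \
                permitemptypasswords=no usepam=yes pubkeyauthentication=yes; do
        key=${pair%%=*}
        expected=${pair#*=}
        actual=$(effective_value "$1" "$key")
        if [ "$actual" != "$expected" ]; then
            echo "MISMATCH $key: effective='${actual:-unset}' expected='$expected'"
            rc=1
        fi
    done
    return $rc
}
```

Call it as audit_sshd_config /etc/ssh/sshd_config after editing the file. On a live host, sshd -t validates the file and sshd -T prints the configuration the daemon will actually use.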
Create key
Cat your Key
Add Key to SSH
```
cat id_rsa.pub >> /home/$USER/.ssh/authorized_keys
```
Known Hosts
Remove Entry from the Known-Hosts File.
Using the SSH Config File
If you regularly connect to multiple remote systems over SSH, you can define your remote servers in the .ssh/config file.
Example:
```
Host dev
    HostName dev.your-domain
    User xcad
    Port 7654
    IdentityFile ~/.ssh/targaryen.key

Host *
    User root
    Compression yes
```
Connect to a host (dev, for example) with ssh dev.
Logging SSH Users
To log every user who comes in through SSH and send a Slack notification:
```
#!/bin/bash
# Use a private temp file: a fixed /tmp/logging.txt is shared by every login
# and can be pre-created by another user.
log=$(mktemp)
echo "Success user login on jump-staging" > "$log"
# Last three logins, with IP addresses (-i)
last -3 -i | awk '{print $1,$3,$4,$5,$6,$7,$8,$9,$10}' >> "$log"
message=$(head -n 4 "$log")
curl -X POST -H 'Content-type:application/json' --data '{"text":"'"\`\`\`$message\`\`\`"'"}' https://hooks.slack.com/services/T8M1RD/B01TLtF1IrGhMA9d
rm -f "$log"
# This is set in /etc/profile.d/login_staging.sh
```