Linux SSH
Lock SSH
1
2
3
4
5
6
7
8
cat <<EOF >> /etc/ssh/sshd_config
MaxAuthTries 3
PermitRootLogin no
PasswordAuthentication no
PermitEmptyPasswords no
UsePAM yes
PubkeyAuthentication yes
EOF
OR
1
sed -i -e 's/#PasswordAuthentication yes/PasswordAuthentication no/i' /etc/ssh/sshd_config
Create key
1
ssh-keygen -b 4096
Cat your Key
1
cat ~/.ssh/id_rsa.pub
Add Key to SSH
1
cat id_rsa.pub >> /home/$USER/.ssh/authorized_keys
Known Hosts
Remove Entry from the Known-Hosts File.
1
ssh-keygen -R hostname
Using the SSH Config File
If you are regularly connecting to multiple remote systems over SSH, you can configure your remote servers with the .ssh/config file.
Example:*
1
2
3
4
5
6
7
8
9
Host dev
HostName dev.your-domain
User xcad
Port 7654
IdentityFile ~/.ssh/targaryen.key
Host *
User root
Compression yes
Connect to a host (like dev , eg.) with ssh dev.
Logging SSH Users
If you want to log all users comming true SSHand send Slack notification.
1
2
3
4
5
6
7
#!/bin/bash
echo "Success user login on jump-staging" > /tmp/logging.txt
last -3 -i | awk '{print $1,$3,$4,$5,$6,$7,$8,$9,$10}' >> /tmp/logging.txt
message=$(cat /tmp/logging.txt | head -n 4)
curl -X POST -H 'Content-type:application/json' --data '{"text":"'"\`\`\`$message\`\`\`"'"}' https://hooks.slack.com/services/T8M1RD/B01TLtF1IrGhMA9d
sudo rm /tmp/logging.txt
# This is set in /etc/profile.d/login_staging.sh
This post is licensed under CC BY 4.0 by the author.
Comments powered by Disqus.