Config Files
~/.ssh/*, /etc/ssh/ssh_config, and /etc/ssh/sshd_config
There are no required changes to any of these files. However, you
may wish to view the /etc/ssh/ files and make any changes
appropriate for the security of your system. One recommended change
is that you disable root login via ssh. Execute the following
command as the root user to disable root login via ssh:
echo "PermitRootLogin no" >> /etc/ssh/sshd_config
If you want to be able to log in without typing in your password,
first create ~/.ssh/id_rsa and ~/.ssh/id_rsa.pub with ssh-keygen and
then copy ~/.ssh/id_rsa.pub to ~/.ssh/authorized_keys on the remote
computer that you want to log into. You'll need to change
REMOTE_USERNAME and REMOTE_HOSTNAME for the username and hostname
of the remote computer and you'll also need to enter your
password for the ssh-copy-id command to succeed:
ssh-keygen &&
ssh-copy-id -i ~/.ssh/id_rsa.pub REMOTE_USERNAME@REMOTE_HOSTNAME
Once you've got passwordless logins working it's actually more
secure than logging in with a password (as the private key is
much longer than most people's passwords). If you would now like
to disable password logins, run the following as the root user:
echo "PasswordAuthentication no" >> /etc/ssh/sshd_config &&
echo "KbdInteractiveAuthentication no" >> /etc/ssh/sshd_config
If you added Linux-PAM support and you want ssh to use it, then you
will need to add a configuration file for sshd and enable use of
Linux-PAM. Note that ssh only uses PAM to check passwords; if you've
disabled password logins, these commands are not needed. If you want
to use PAM, issue the following commands as the root user:
sed 's@d/login@d/sshd@g' /etc/pam.d/login > /etc/pam.d/sshd &&
chmod 644 /etc/pam.d/sshd &&
echo "UsePAM yes" >> /etc/ssh/sshd_config
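The commands on this page append settings to /etc/ssh/sshd_config, but sshd uses the first value it reads for each keyword, and lines that follow a Match block apply only to that block, so an appended line can be silently ignored. The script below is an added example, not part of the original page; effective_global is a hypothetical helper that reports which value wins in a single file, assuming Include directives are not followed.

```shell
#!/bin/sh
# effective_global FILE KEYWORD  (hypothetical helper, not an OpenSSH tool)
# Prints the value sshd would apply globally for KEYWORD, judged from FILE
# alone: the first uncommented occurrence wins, keywords are matched
# case-insensitively, and the global section ends at the first Match line.
# Assumption: Include directives are not followed.
effective_global() {
    awk -v want="$2" '
        BEGIN { want = tolower(want) }
        /^[ \t]*#/ || /^[ \t]*$/ { next }    # comments and blank lines
        {
            line = $0
            sub(/^[ \t]+/, "", line)
            # keyword and argument are separated by whitespace or "="
            if (match(line, /[ \t=]+/) == 0) next
            key = tolower(substr(line, 1, RSTART - 1))
            val = substr(line, RSTART + RLENGTH)
            sub(/[ \t]+$/, "", val)
            if (key == "match") exit         # later lines are conditional
            if (key == want) { print val; exit }
        }
    ' "$1"
}

# Constructed sample: the file already enables root login, then the
# append command from this page is run against it.
sample=$(mktemp)
printf '%s\n' '# constructed sample' 'PermitRootLogin yes' > "$sample"
echo "PermitRootLogin no" >> "$sample"
echo "effective PermitRootLogin: $(effective_global "$sample" PermitRootLogin)"
rm -f "$sample"
```

On a live system, running sshd -T as the root user prints the configuration sshd actually resolves, which also covers included files.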
Additional configuration information can be found in the man
pages for sshd, ssh and ssh-agent.