Small grammatical changes
parent
c826f11ac3
commit
5b94850ff3
|
@ -36,7 +36,7 @@ The only situation where _not_ using a passphrase is acceptable is when you are
|
||||||
This is all done under the assumption that the you use the OpenSSH implementation on your server.
|
This is all done under the assumption that the you use the OpenSSH implementation on your server.
|
||||||
If you use something like Dropbear, I can't help you as haven't properly dug through it's configuration file (yet).
|
If you use something like Dropbear, I can't help you as haven't properly dug through it's configuration file (yet).
|
||||||
|
|
||||||
The thing I see way to often on the internet is
|
The things I see _way_ to often on the internet are...
|
||||||
|
|
||||||
* People not disabling password authentication.
|
* People not disabling password authentication.
|
||||||
* People not changing the default port<!--or only allowing a range of IPs to log in-->.
|
* People not changing the default port<!--or only allowing a range of IPs to log in-->.
|
||||||
|
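Review bot: "to often" in the rewritten sentence ("The things I see _way_ to often on the internet are...") should be "too often"; the change fixes the plural but keeps the misspelling. Since this is a grammar pass, the context lines above it also want fixing: "the you use" (drop "the"), "it's configuration file" (should be "its"), and the missing subject in "as haven't properly dug".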
@ -65,7 +65,7 @@ In order to disable password authentication, open your SSH daemon configuration
|
||||||
...uncomment `PasswordAuthentication` and replace "yes" for "no".
|
...uncomment `PasswordAuthentication` and replace "yes" for "no".
|
||||||
Make sure you still have a way into your server before restarting the daemon.
|
Make sure you still have a way into your server before restarting the daemon.
|
||||||
|
|
||||||
If you're not planning on logging in as the root user, uncomment and set the following setting to "no"
|
If you're not planning on logging in as the root user, uncomment and set the following setting to "no".
|
||||||
```sshd_config
|
```sshd_config
|
||||||
...
|
...
|
||||||
#PermitRootLogin prohibit-password
|
#PermitRootLogin prohibit-password
|
||||||
|
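Review bot: The full stop added to the "If you're not planning on logging in as the root user..." line ends a sentence that introduces the `sshd_config` block directly below it, so a colon fits better than a period there. In the context line above, "replace "yes" for "no"" should read "replace "yes" with "no"".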
@ -89,7 +89,6 @@ When going through `/etc/ssh/sshd_config` you've probably come across a few line
|
||||||
#AuthorizedKeysFile .ssh/authorized_keys .ssh/authorized_keys2
|
#AuthorizedKeysFile .ssh/authorized_keys .ssh/authorized_keys2
|
||||||
...
|
...
|
||||||
```
|
```
|
||||||
|
|
||||||
This means that the SSH daemon will check in `.ssh/authorized_keys` in the home directory of the user as whom you're trying to log in for authorized keys.
|
This means that the SSH daemon will check in `.ssh/authorized_keys` in the home directory of the user as whom you're trying to log in for authorized keys.
|
||||||
So the next step is to append your public key to this file in the home directory of the user as whom you want to be able to log in.
|
So the next step is to append your public key to this file in the home directory of the user as whom you want to be able to log in.
|
||||||
This can be done in a few ways.
|
This can be done in a few ways.
|
||||||
|
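Review bot: The header for this hunk drops one line (-89,7 +89,6) while every text line is identical on both sides, so the removed line appears to be the blank line between the closing fence and "This means that the SSH daemon...". That is a whitespace change rather than a grammatical one; either keep the blank line so the paragraph stays visually separate from the code block, or mention the removal in the commit message.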
@ -98,7 +97,7 @@ The proper way is by using:
|
||||||
```sh
|
```sh
|
||||||
ssh-copy-id -i ~/.ssh/<key-file> <user>@<host>
|
ssh-copy-id -i ~/.ssh/<key-file> <user>@<host>
|
||||||
```
|
```
|
||||||
I'm usually too lazy to use the proper way and just open the file in `vi` paste it in there by hand during the same initial login where I'm disabling password authentication.
|
I'm usually too lazy to remember there is a proper way and just open the file in `vi` paste and it in there by hand during the same initial login when I'm disabling password authentication.
|
||||||
Either way works fine.
|
Either way works fine.
|
||||||
|
|
||||||
## Changing the port
|
## Changing the port
|
||||||
|
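Review bot: The rewritten "I'm usually too lazy..." sentence now has two words transposed: "in `vi` paste and it in there" should be "in `vi` and paste it in there". The old line was missing the "and"; the new one inserts it one word too late.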
@ -111,7 +110,7 @@ A solution next to this is to use `fail2ban` along side changing the port.
|
||||||
|
|
||||||
No, more in this in [the client configuration](#client-configuration) section
|
No, more in this in [the client configuration](#client-configuration) section
|
||||||
|
|
||||||
In `/etc/ssh/sshd_config` look for
|
In `/etc/ssh/sshd_config` look for...
|
||||||
```sshd_config
|
```sshd_config
|
||||||
...
|
...
|
||||||
#Port 22
|
#Port 22
|
||||||
|
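Review bot: The context line "No, more in this in [the client configuration](#client-configuration) section" is left untouched by this grammar pass but still reads wrong: it should be "more on this in", and it has no closing full stop. The new "look for..." lead-in itself is fine and matches the "...uncomment" continuation style used earlier in the file.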
@ -120,7 +119,7 @@ In `/etc/ssh/sshd_config` look for
|
||||||
#ListenAddress ::
|
#ListenAddress ::
|
||||||
...
|
...
|
||||||
```
|
```
|
||||||
and change the `Port` to your liking, I tend to change this to something like 6969 or some other meme number.
|
...and change the `Port` to your liking, I tend to change this to something like 6969 or some other meme number.
|
||||||
|
|
||||||
Another thing I tend to do is not open a port in my firewall, thus preventing any normal outside connections all together.
|
Another thing I tend to do is not open a port in my firewall, thus preventing any normal outside connections all together.
|
||||||
Instead opting to only connect over Yggdrasil and/or Tor.
|
Instead opting to only connect over Yggdrasil and/or Tor.
|
||||||
|
|
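Review bot: The changed line "...and change the `Port` to your liking, I tend to change this to something like 6969..." is a comma splice; end the sentence after "liking" and start a new one at "I tend". In the trailing context, "all together" should be "altogether", and "Instead opting to only connect over Yggdrasil and/or Tor." is a fragment that reads better joined to the sentence before it.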