Small grammatical changes
This commit is contained in:
parent
c826f11ac3
commit
5b94850ff3
|
|
@ -36,7 +36,7 @@ The only situation where _not_ using a passphrase is acceptable is when you are
|
|||
This is all done under the assumption that the you use the OpenSSH implementation on your server.
|
||||
If you use something like Dropbear, I can't help you as haven't properly dug through it's configuration file (yet).
|
||||
|
||||
The thing I see way to often on the internet is
|
||||
The things I see _way_ to often on the internet are...
|
||||
|
||||
* People not disabling password authentication.
|
||||
* People not changing the default port<!--or only allowing a range of IPs to log in-->.
|
||||
|
|
@ -65,7 +65,7 @@ In order to disable password authentication, open your SSH daemon configuration
|
|||
...uncomment `PasswordAuthentication` and replace "yes" for "no".
|
||||
Make sure you still have a way into your server before restarting the daemon.
|
||||
|
||||
If you're not planning on logging in as the root user, uncomment and set the following setting to "no"
|
||||
If you're not planning on logging in as the root user, uncomment and set the following setting to "no".
|
||||
```sshd_config
|
||||
...
|
||||
#PermitRootLogin prohibit-password
|
||||
|
|
@ -89,7 +89,6 @@ When going through `/etc/ssh/sshd_config` you've probably come across a few line
|
|||
#AuthorizedKeysFile .ssh/authorized_keys .ssh/authorized_keys2
|
||||
...
|
||||
```
|
||||
|
||||
This means that the SSH daemon will check in `.ssh/authorized_keys` in the home directory of the user as whom you're trying to log in for authorized keys.
|
||||
So the next step is to append your public key to this file in the home directory of the user as whom you want to be able to log in.
|
||||
This can be done in a few ways.
|
||||
|
|
@ -98,7 +97,7 @@ The proper way is by using:
|
|||
```sh
|
||||
ssh-copy-id -i ~/.ssh/<key-file> <user>@<host>
|
||||
```
|
||||
I'm usually too lazy to use the proper way and just open the file in `vi` paste it in there by hand during the same initial login where I'm disabling password authentication.
|
||||
I'm usually too lazy to remember there is a proper way and just open the file in `vi` paste and it in there by hand during the same initial login when I'm disabling password authentication.
|
||||
Either way works fine.
|
||||
|
||||
## Changing the port
|
||||
|
|
@ -111,7 +110,7 @@ A solution next to this is to use `fail2ban` along side changing the port.
|
|||
|
||||
No, more in this in [the client configuration](#client-configuration) section
|
||||
|
||||
In `/etc/ssh/sshd_config` look for
|
||||
In `/etc/ssh/sshd_config` look for...
|
||||
```sshd_config
|
||||
...
|
||||
#Port 22
|
||||
|
|
@ -120,7 +119,7 @@ In `/etc/ssh/sshd_config` look for
|
|||
#ListenAddress ::
|
||||
...
|
||||
```
|
||||
and change the `Port` to your liking, I tend to change this to something like 6969 or some other meme number.
|
||||
...and change the `Port` to your liking, I tend to change this to something like 6969 or some other meme number.
|
||||
|
||||
Another thing I tend to do is not open a port in my firewall, thus preventing any normal outside connections all together.
|
||||
Instead opting to only connect over Yggdrasil and/or Tor.
|
||||
|
|
|
|||
Loading…
Reference in a new issue