From 5b94850ff332d451a270805a2acad67a246a0b5a Mon Sep 17 00:00:00 2001 From: Marty Sluijtman Date: Thu, 29 Sep 2022 20:17:33 +0200 Subject: [PATCH] Small grammatical changes --- content/rambles/ssh-configuration.md | 11 +++++------ 1 file changed, 5 insertions(+), 6 deletions(-) diff --git a/content/rambles/ssh-configuration.md b/content/rambles/ssh-configuration.md index 16f1ee8..b8c79ed 100644 --- a/content/rambles/ssh-configuration.md +++ b/content/rambles/ssh-configuration.md @@ -36,7 +36,7 @@ The only situation where _not_ using a passphrase is acceptable is when you are This is all done under the assumption that the you use the OpenSSH implementation on your server. If you use something like Dropbear, I can't help you as haven't properly dug through it's configuration file (yet). -The thing I see way to often on the internet is +The things I see _way_ to often on the internet are... * People not disabling password authentication. * People not changing the default port. @@ -65,7 +65,7 @@ In order to disable password authentication, open your SSH daemon configuration ...uncomment `PasswordAuthentication` and replace "yes" for "no". Make sure you still have a way into your server before restarting the daemon. -If you're not planning on logging in as the root user, uncomment and set the following setting to "no" +If you're not planning on logging in as the root user, uncomment and set the following setting to "no". ```sshd_config ... #PermitRootLogin prohibit-password @@ -89,7 +89,6 @@ When going through `/etc/ssh/sshd_config` you've probably come across a few line #AuthorizedKeysFile .ssh/authorized_keys .ssh/authorized_keys2 ... ``` - This means that the SSH daemon will check in `.ssh/authorized_keys` in the home directory of the user as whom you're trying to log in for authorized keys. So the next step is to append your public key to this file in the home directory of the user as whom you want to be able to log in. This can be done in a few ways. @@ -98,7 +97,7 @@ The proper way is by using: ```sh ssh-copy-id -i ~/.ssh/ @ ``` -I'm usually too lazy to use the proper way and just open the file in `vi` paste it in there by hand during the same initial login where I'm disabling password authentication. +I'm usually too lazy to remember there is a proper way and just open the file in `vi` paste and it in there by hand during the same initial login when I'm disabling password authentication. Either way works fine. ## Changing the port @@ -111,7 +110,7 @@ A solution next to this is to use `fail2ban` along side changing the port. No, more in this in [the client configuration](#client-configuration) section -In `/etc/ssh/sshd_config` look for +In `/etc/ssh/sshd_config` look for... ```sshd_config ... #Port 22 @@ -120,7 +119,7 @@ In `/etc/ssh/sshd_config` look for #ListenAddress :: ... ``` -and change the `Port` to your liking, I tend to change this to something like 6969 or some other meme number. +...and change the `Port` to your liking, I tend to change this to something like 6969 or some other meme number. Another thing I tend to do is not open a port in my firewall, thus preventing any normal outside connections all together. Instead opting to only connect over Yggdrasil and/or Tor.