Small grammatical changes

This commit is contained in:
Nox Sluijtman 2022-09-29 20:17:33 +02:00
parent c826f11ac3
commit 5b94850ff3

View file

@ -36,7 +36,7 @@ The only situation where _not_ using a passphrase is acceptable is when you are
This is all done under the assumption that the you use the OpenSSH implementation on your server.
If you use something like Dropbear, I can't help you as haven't properly dug through it's configuration file (yet).
The thing I see way to often on the internet is
The things I see _way_ to often on the internet are...
* People not disabling password authentication.
* People not changing the default port<!--or only allowing a range of IPs to log in-->.
@ -65,7 +65,7 @@ In order to disable password authentication, open your SSH daemon configuration
...uncomment `PasswordAuthentication` and replace "yes" for "no".
Make sure you still have a way into your server before restarting the daemon.
If you're not planning on logging in as the root user, uncomment and set the following setting to "no"
If you're not planning on logging in as the root user, uncomment and set the following setting to "no".
```sshd_config
...
#PermitRootLogin prohibit-password
@ -89,7 +89,6 @@ When going through `/etc/ssh/sshd_config` you've probably come across a few line
#AuthorizedKeysFile .ssh/authorized_keys .ssh/authorized_keys2
...
```
This means that the SSH daemon will check in `.ssh/authorized_keys` in the home directory of the user as whom you're trying to log in for authorized keys.
So the next step is to append your public key to this file in the home directory of the user as whom you want to be able to log in.
This can be done in a few ways.
@ -98,7 +97,7 @@ The proper way is by using:
```sh
ssh-copy-id -i ~/.ssh/<key-file> <user>@<host>
```
I'm usually too lazy to use the proper way and just open the file in `vi` paste it in there by hand during the same initial login where I'm disabling password authentication.
I'm usually too lazy to remember there is a proper way and just open the file in `vi` paste and it in there by hand during the same initial login when I'm disabling password authentication.
Either way works fine.
## Changing the port
@ -111,7 +110,7 @@ A solution next to this is to use `fail2ban` along side changing the port.
No, more in this in [the client configuration](#client-configuration) section
In `/etc/ssh/sshd_config` look for
In `/etc/ssh/sshd_config` look for...
```sshd_config
...
#Port 22
@ -120,7 +119,7 @@ In `/etc/ssh/sshd_config` look for
#ListenAddress ::
...
```
and change the `Port` to your liking, I tend to change this to something like 6969 or some other meme number.
...and change the `Port` to your liking, I tend to change this to something like 6969 or some other meme number.
Another thing I tend to do is not open a port in my firewall, thus preventing any normal outside connections all together.
Instead opting to only connect over Yggdrasil and/or Tor.