sshd
debian |
openssh-server |
Todo
refresh sshd_config configuration
Check options
# Test mode: check that the configuration file and host keys are valid, then exit.
# Run this before restarting the daemon so a typo cannot lock you out.
sshd -t
# Extended test mode: validate the configuration, print the effective settings
# to stdout, then exit. Use it to confirm which values actually apply,
# including defaults not written in sshd_config.
sshd -T
List algorithms
# Print the algorithm names this OpenSSH build supports, one list per query:
#   cipher       symmetric ciphers
#   cipher-auth  ciphers that provide authenticated encryption
#   mac          message authentication codes
#   kex          key exchange algorithms
#   key          key types
# These are the names accepted by Ciphers, MACs and KexAlgorithms in sshd_config.
# The lists show what is supported, not what is enabled; `sshd -T` shows the latter.
for query in cipher cipher-auth mac kex key; do
  ssh -Q "$query"
done
Configure
/etc/ssh/moduli
Generate a pool of usable prime numbers (the moduli used for Diffie-Hellman group exchange).
Warning
These are VERY long operations!
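# Step 1: generate 4096-bit candidate primes into 4096.G.
# Current ssh-keygen exposes moduli generation through -M; the older -G/-T
# flags were removed in OpenSSH 8.2 and fail on releases new enough to
# support the KexAlgorithms value used in the sshd_config on this page.
ssh-keygen -M generate -O bits=4096 4096.G
# Step 2: screen the candidates for safe primes and write the usable ones to
# ./moduli. The result is written to the current directory; review it, then
# install it as /etc/ssh/moduli (root-owned, not writable by others).
ssh-keygen -M screen -f 4096.G moduli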
/etc/ssh/ssh_host_*_key
types: rsa/ed25519/…?
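# Generate a 4096-bit RSA host key pair.
# -t rsa is explicit because the default key type differs between OpenSSH
# releases; without it a non-RSA key could end up in a file named *_rsa_key.
# -N '' sets an empty passphrase: sshd cannot prompt for one at start-up.
# Replacing an existing host key changes the server fingerprint, so clients
# will see a host-key-changed warning until their known_hosts is updated.
ssh-keygen -t rsa -b 4096 -N '' -f /etc/ssh/ssh_host_rsa_key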
/etc/ssh/sshd_config
# Hardened sshd_config: public-key logins only, a single modern cipher/KEX/MAC
# suite, and no tunnelling or X11. Validate with `sshd -t` and keep an existing
# session open while restarting the daemon.
# daemon
# TCP forwarding stays enabled; set to "no" or restrict it with PermitOpen if
# users do not need it, since it lets a session reach hosts behind this server.
AllowTcpForwarding yes
# Probe idle clients through the encrypted channel every 30 seconds.
ClientAliveInterval 30
Compression no
# Only the RSA host key is offered; clients see no other host key type unless
# more HostKey lines are added.
HostKey /etc/ssh/ssh_host_rsa_key
IgnoreRhosts yes
LogLevel INFO
# start:rate:full - from 16 unauthenticated connections, drop 32% of new ones,
# rising to 100% at 64. Limits resource exhaustion by unauthenticated clients.
MaxStartups 16:32:64
PermitTunnel no
Port 22
# NOTE(review): Protocol, UseLogin and UsePrivilegeSeparation (below) are legacy
# keywords that recent OpenSSH releases ignore or report as deprecated; confirm
# against the target version before relying on them.
Protocol 2
# In-process SFTP server; needs no external sftp-server binary.
Subsystem sftp internal-sftp
# TCP-level keepalives are unauthenticated, unlike the ClientAlive probes above.
TCPKeepAlive yes
# No reverse DNS lookups: host names in authorized_keys from= patterns or
# Match Host blocks will not match, use addresses instead.
UseDNS no
UseLogin no
# With PAM off, PAM account and session modules are not run for SSH logins.
# NOTE(review): verify nothing on the host depends on them (limits, account
# lockout, 2FA modules).
UsePAM no
X11Forwarding no
# authentication
# Path is relative to each user's home directory.
AuthorizedKeysFile .ssh/authorized_keys
# NOTE(review): newer releases name this option KbdInteractiveAuthentication and
# keep this keyword as a deprecated alias; confirm on the target version.
ChallengeResponseAuthentication no
# Authenticated-encryption ciphers only. These ciphers carry their own
# integrity check, so the MACs line below is not used for them.
Ciphers chacha20-poly1305@openssh.com,aes256-gcm@openssh.com
HostbasedAuthentication no
# A single key exchange algorithm: any client that lacks it cannot connect.
# Test with every client (including automation) before deploying.
# No diffie-hellman-group-exchange-* method is listed, so /etc/ssh/moduli is
# not consulted with this setting.
KexAlgorithms sntrup761x25519-sha512@openssh.com
# Unauthenticated connections are dropped after 60 seconds.
LoginGraceTime 60
MACs hmac-sha2-512-etm@openssh.com
# Passwords are disabled: make sure a working key is installed in
# authorized_keys before applying this, or the account is locked out of SSH.
PasswordAuthentication no
PermitEmptyPasswords no
# root may log in with a key, never with a password.
PermitRootLogin prohibit-password
PubkeyAuthentication yes
# Refuse logins when the user's home directory or key files have unsafe
# ownership or modes.
StrictModes yes
UsePrivilegeSeparation sandbox
# prompt
Banner none
# Debian-specific option: omit the distribution suffix from the version string
# sent to clients.
DebianBanner no
PrintLastLog yes
PrintMotd no
VersionAddendum none
authorized_keys
Todo
about