Skip to main content

Securing SSH

Create and secure .ssh user directory on Linux

mkdir ~/.ssh && chmod 700 ~/.ssh

Create Public/Private key pair from Windows Powershell

ssh-keygen -b 4096

You'll be prompted for a storage location which is best to leave at default.

You'll also be prompted to enter a passphrase to secure the key pair with, which is optional.

Copy Public key to Linux server from Windows Powershell

scp $env:USERPROFILE/.ssh/id_rsa.pub <username>@<serverIP>:~/.ssh/authorized_keys

You'll be prompted for your username and password to copy the file to the server.

Test logging into Linux server from Windows Powershell

ssh <username>@<serverIP>

You should not be prompted to enter a password anymore.

Secure SSH Service

sudo nano /etc/ssh/sshd_config
  • Uncomment and change Port number from 22 to something different
  • Prevent IPv6 by uncommenting AddressFamily and changing any to inet
  • Change PermitRootLogin to no
  • Change PasswordAuthentication to no

Restart SSH Service

sudo systemctl restart sshd
Back to top