Securing SSH

Create and secure .ssh user directory on Linux

mkdir ~/.ssh && chmod 700 ~/.ssh

Create Public/Private key pair from Windows Powershell

ssh-keygen -b 4096

You'll be prompted for a storage location which is best to leave at default.

You'll also be prompted to enter a passphrase to secure the key pair with, which is optional.

Copy Public key to Linux server from Windows Powershell

scp $env:USERPROFILE/.ssh/id_rsa.pub <username>@<serverIP>:~/.ssh/authorized_keys

You'll be prompted for your username and password to copy the file to the server.

Test logging into Linux server from Windows Powershell

ssh <username>@<serverIP>

You should not be prompted to enter a password anymore.

Secure SSH Service

sudo nano /etc/ssh/sshd_config

• Uncomment and change Port number from 22 to something different
• Prevent IPv6 by uncommenting AddressFamily and changing any to inet
• Change PermitRootLogin to no
• Change PasswordAuthentication to no

Restart SSH Service

sudo systemctl restart sshd

Test logging into Linux server from Windows Powershell

Before logging off or closing the the currently connected session on port 22, test that the old port doesn't work and that the new port works with a new Powershell instance:

ssh <username>@<serverIP>

You should not be able to login using this on the default port, but the next command should work:

ssh <username>@<serverIP> -p <port>