
Step 2: Securing OpenSSH

The OpenSSH server configuration should be located at /etc/ssh/sshd_config, but we aren't going to edit this file. Instead, we are going to create a new file at /etc/ssh/sshd_config.d/hardening.conf.

First, we will disallow connecting with a password. For that we are going to need an SSH key. If you already have one, skip the next few steps.

To create an SSH key, we are going to run this command on our device (not the server!): ssh-keygen -t ed25519. Press Enter once to confirm the path (leave it as the default!). It will then ask for a passphrase. You can leave it empty if you are certain that no one will ever get access to the private key; otherwise, set one.
After this, blah blah blah...
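
Whether hardening.conf really disables passwords depends on file order: sshd keeps the first value it obtains for each keyword and expands an Include glob in lexical order. The script below is an added example, not part of the original guide, that reports which drop-in decides a keyword. The sample directory, the 50-cloud-init.conf file, the 00- rename and the function names are constructed for illustration, and it assumes the main sshd_config includes sshd_config.d/*.conf before setting anything itself.

```shell
#!/bin/sh
# Added example, not from the original guide.
# sshd keeps the FIRST value it obtains for each keyword, and an Include glob
# is expanded in lexical order, so an earlier drop-in can outrank hardening.conf.

# effective_value KEYWORD DIR: print "<value> <file>" for the first global
# (non-Match) occurrence of KEYWORD among DIR/*.conf. The body is a subshell,
# so the locale change stays local.
effective_value() (
    kw=$1 dir=$2
    LC_ALL=C; export LC_ALL          # byte-order sorting for the glob
    for f in "$dir"/*.conf; do
        [ -f "$f" ] || continue
        val=$(awk -v kw="$kw" '
            { sub(/^[ \t]+/, "")                        # strip indentation
              if ($0 ~ /^[A-Za-z0-9]+[ \t]*=/) sub(/[ \t]*=[ \t]*/, " ") }  # Key=value form
            /^#/ || NF == 0        { next }             # comments, blank lines
            tolower($1) == "match" { exit }             # simplification: rest of file is conditional
            tolower($1) == tolower(kw) { print $2; exit }
        ' "$f")
        if [ -n "$val" ]; then
            printf '%s %s\n' "$val" "${f##*/}"
            exit 0
        fi
    done
    exit 1
)

# Constructed sample directory standing in for /etc/ssh/sshd_config.d.
make_sample_dir() {
    d=$(mktemp -d) || return 1
    printf '# constructed vendor drop-in\nPasswordAuthentication yes\n' > "$d/50-cloud-init.conf"
    printf '# our hardening file\nPasswordAuthentication no\n' > "$d/hardening.conf"
    printf '%s\n' "$d"
}

d=$(make_sample_dir)
echo "before: $(effective_value PasswordAuthentication "$d")"
mv "$d/hardening.conf" "$d/00-hardening.conf"     # sorts ahead of 50-*.conf
echo "after:  $(effective_value PasswordAuthentication "$d")"
rm -rf "$d"
```

On a real server, running sshd -T as root prints the configuration sshd actually ends up with, which is the authoritative check.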