SSH cheatsheet

Config

sudo vim /etc/ssh/sshd_config

• PasswordAuthentication
  • yes Allow users to login with password
  • no Certificate only

sudo apt-get install fail2ban

Adds a tool that bans for 10 mins after 5 failed password attempts

usermod -aG sudo username

Adds username to the sudoers group (may need sshd restart)

Create certs

Generate new certificate (on client side)

ssh-keygen

Copy certificate to server

ssh-copy-id

to specify the id you just created

ssh -i identity_file args
scp -i identity_file args

Useful commands

Restart sshd

sudo /etc/init.d/ssh restart

Check recent login attempts

cat /var/log/auth.log | grep sshd