As a Linux systems administrator, secure shell will be your best friend. You'll use it every day and it will serve you well. But don't use it unwisely, as you can find yourself and your server in a state of possible compromise. Here are a few tips to make sure your secure shell experience is smooth.
First off, make use of ssh-key encryption. This isn't hard. All you have to do is generate a key, on the server, with the ssh-keygen command and then, once the key is created, copy it from the server to the desktop using the ssh-copy-id command. Once you've successfully logged in with the ssh-key, you can then disable password authentication within the /etc/ssh/sshd_config file.
You should also disable root user login via ssh. To do this, open up the /etc/ssh/sshd_config file, look for the PermitRootLogin line and change the yes to no. Save the file and restart the ssh daemon. The root user can no longer login via ssh.
Last but not least, if you've enabled ssh-key authentication, you can make use of the ssh-add and ssh-agent commands, which allow you to add your ssh keys and then start an agent instance, such that you do not need to keep entering your ssh key passwords. Once you're done with the session, you can exit out of the session and the next time you attempt to log in with ssh, you'll have to have the password. Just remember to exit the ssh-agent session to be safe.
Secure shell is a powerful program and can be an administrator's best friend...especially when used properly.
- The Complete Guide to LPIC 1 Linux Administrator Exam (TechRepublic Academy)
- Five ways to minimize fileless malware infections (TechRepublic)
- How to set up ssh key authentication (TechRepublic)
- How to protect secure shell on CentOS 7 with Fail2ban (TechRepublic)
- How to use Linux's built-in USB attack protection (ZDNet)
Jack Wallen is an award-winning writer for TechRepublic and Linux.com. He’s an avid promoter of open source and the voice of The Android Expert. For more news about Jack Wallen, visit his website jackwallen.com.