If you're a Linux administrator, you've probably used ssh once or twice. Jack Wallen offers up a few tips to make that experience more secure and efficient.
As a Linux systems administrator, secure shell will be your best friend. You'll use it every day and it will serve you well. But don't use it unwisely, as you can find yourself and your server in a state of possible compromise. Here are a few tips to make sure your secure shell experience is smooth.
First off, make use of ssh-key encryption. This isn't hard. All you have to do is generate a key, on the server, with the ssh-keygen command and then, once the key is created, copy it from the server to the desktop using the ssh-copy-id command. Once you've successfully logged in with the ssh-key, you can then disable password authentication within the /etc/ssh/sshd_config file.
You should also disable root user login via ssh. To do this, open up the /etc/ssh/sshd_config file, look for the PermitRootLogin line and change the yes to no. Save the file and restart the ssh daemon. The root user can no longer login via ssh.
Last but not least, if you've enabled ssh-key authentication, you can make use of the ssh-add and ssh-agent commands, which allow you to add your ssh keys and then start an agent instance, such that you do not need to keep entering your ssh key passwords. Once you're done with the session, you can exit out of the session and the next time you attempt to log in with ssh, you'll have to have the password. Just remember to exit the ssh-agent session to be safe.
Secure shell is a powerful program and can be an administrator's best friend...especially when used properly.
Cybersecurity Insider Newsletter
Strengthen your organization's IT security defenses by keeping abreast of the latest cybersecurity news, solutions, and best practices. Delivered Tuesdays and Thursdays
Sign up today Sign up todayAlso see
- The Complete Guide to LPIC 1 Linux Administrator Exam (TechRepublic Academy)
- Five ways to minimize fileless malware infections (TechRepublic)
- How to set up ssh key authentication (TechRepublic)
- How to protect secure shell on CentOS 7 with Fail2ban (TechRepublic)
- How to use Linux's built-in USB attack protection (ZDNet)
