How to Secure SSH Access
1> Default Port
The default port is 22; you can change it to another port, such as 2222.
Edit the configuration file /etc/ssh/sshd_config and change the following:
#Port 22
to
Port 2222
2> Configure an SSH private/public key pair with a passphrase on the private key (the Amazon way)
ssh-keygen -t rsa -b 2048
Generating public/private rsa key pair.
Enter file in which to save the key (/home/johndoe/.ssh/id_rsa):
/home/johndoe/.ssh/id_rsa already exists.
Overwrite (y/n)? y
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /home/johndoe/.ssh/id_rsa.
Your public key has been saved in /home/johndoe/.ssh/id_rsa.pub.
The key fingerprint is:
SHA256:fMKdGYWBTW0R4V4EUFN6X39Xcg2xLZKJ/ffGyE0QdMc johndoe@xxx.xxx
The key's randomart image is:
+---[RSA 2048]----+
| ++*OBBoo|
| . o=o* *E|
| o.B B *|
| o . = = *+|
| S = . . B|
| o . *+|
| o =|
| . |
| |
+----[SHA256]-----+
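Append the public key to the account's authorized_keys file:
cat id_rsa.pub >> authorized_keys
Then set the following in the sshd configuration file: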
AuthorizedKeysFile .ssh/authorized_
# To disable tunneled clear text passwords, change to no here!
# PasswordAuthentication yes
#PermitEmptyPasswords no
# EC2 uses keys for remote access
PasswordAuthentication no
PubkeyAuthentication yes
Subsystem sftp internal-sftp
Match group xxxxx
X11Forwarding no
AllowTcpForwarding no
ForceCommand internal-sftp
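One way to check a configuration file against the settings above, as an added example that is not part of the original page. The function names and the group name sftponly are assumptions, and the audit expects the Match-block settings to be written explicitly, as they are here.

```shell
#!/bin/sh
# Added example: audit an sshd_config-style file for the settings this page uses.
# sshd keeps the FIRST value it reads for a keyword, keywords are case-insensitive,
# and '#' lines are comments, so a plain grep can report the wrong value.

# Print the effective global value of keyword $2 in file $1 (empty if unset).
global_value() {
    awk -v key="$2" '
        $1 ~ /^#/ { next }                      # comment line
        tolower($1) == "match" { exit }         # global section ends at first Match
        tolower($1) == tolower(key) { print tolower($2); exit }  # first value wins
    ' "$1"
}

# Print the value of keyword $3 inside the "Match group $2" block of file $1.
match_group_value() {
    awk -v grp="$2" -v key="$3" '
        $1 ~ /^#/ { next }
        tolower($1) == "match" { inblk = (tolower($2) == "group" && $3 == grp); next }
        inblk && tolower($1) == tolower(key) { print tolower($2); exit }
    ' "$1"
}

# check <label> <actual> <expected>: report a mismatch and flag the audit as failed.
check() {
    [ "$2" = "$3" ] || { echo "FAIL: $1 is '${2:-unset}', expected '$3'"; rc=1; }
}

# audit_sshd_config <file> <group>: return 0 if all settings match, else 1.
audit_sshd_config() {
    f=$1; g=$2; rc=0
    pw=$(global_value "$f" PasswordAuthentication)
    pk=$(global_value "$f" PubkeyAuthentication)
    port=$(global_value "$f" Port)
    check PasswordAuthentication "${pw:-yes}" no      # sshd default is yes
    check PubkeyAuthentication "${pk:-yes}" yes       # sshd default is yes
    [ "${port:-22}" != 22 ] || { echo "FAIL: Port is the default 22"; rc=1; }
    check "X11Forwarding ($g)" "$(match_group_value "$f" "$g" X11Forwarding)" no
    check "AllowTcpForwarding ($g)" "$(match_group_value "$f" "$g" AllowTcpForwarding)" no
    check "ForceCommand ($g)" "$(match_group_value "$f" "$g" ForceCommand)" internal-sftp
    return "$rc"
}

# Constructed sample built from the directives on this page; "sftponly" is a
# placeholder group name. Usage: sample_config > f && audit_sshd_config f sftponly
sample_config() {
    printf '%s\n' '#Port 22' 'Port 2222' '# PasswordAuthentication yes' \
        'PasswordAuthentication no' 'PubkeyAuthentication yes' \
        'Subsystem sftp internal-sftp' 'Match group sftponly' \
        '    X11Forwarding no' '    AllowTcpForwarding no' '    ForceCommand internal-sftp'
}
```

On a live server, `sshd -t` checks the file for syntax errors before the service is restarted, which avoids locking yourself out with a broken configuration.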