ssh
SSH change port
Add to sshd configuration
Go to the file
# nano /etc/ssh/sshd_config
and add line
Port <SSH_NEW_PORT>
Configure SELinux
# semanage port -a -t ssh_port_t -p tcp <SSH_NEW_PORT>
Configure Firewall
# firewall-cmd --permanent --remove-service=ssh
success
# firewall-cmd --permanent --add-port=<SSH_NEW_PORT>/tcp
success
# firewall-cmd --reload
Restart sshd service
# systemctl restart sshd
# systemctl status sshd.service
Remote access then looks like this
# ssh -p <SSH_NEW_PORT> server@ip
SSH using keys
On your remote device follow these steps.
Generate key
Comparison: TL;DR, use RSA 4096 or ed25519.
$ ssh-keygen -t ed25519
By default, the key is stored at /home/user/.ssh/id_ed25519
Generate a passphrase with KeePassXC and use it as passphrase when it asks you for one.
Add the key to the remote host (server)
$ ssh-copy-id -p <PORT> -i ~/.ssh/id_ed25519 user@remote
This will add the public key (i.e. id_ed25519.pub) to the server file ~/.ssh/authorized_keys
Add passphrase to KeePassXC
Follow this tutorial, so you can add the passphrase for the generated key automatically to the ssh-agent whenever KeePassXC db is unlocked.
Now, the passphrase won't be asked for when KeePassXC is unlocked.
Disable ssh with password
https://linuxhandbook.com/ssh-disable-password-authentication/
Open file /etc/ssh/sshd_config and set
PasswordAuthentication no
Next, restart ssh service
RHEL:
$ sudo systemctl restart sshd
Arch:
a
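Before restarting sshd after either change above (new port, password login off), it is worth checking what the file actually resolves to, because sshd keeps the first value it reads for a keyword and an appended line can lose to an earlier one. The script below is an added example, not part of the original notes; the function names are hypothetical, 2222 stands in for <SSH_NEW_PORT>, and Include files are only flagged, not followed.

```shell
# Added example (not from the page): lint sshd_config before restart; 2222 stands in for <SSH_NEW_PORT>.

# First uncommented global value of a keyword; sshd keeps the first one it reads.
sshd_first() {  # usage: sshd_first KEYWORD DEFAULT FILE
    awk -v key="$1" -v def="$2" '
        /^[ \t]*#/ { next }
        tolower($1) == "match" { exit }   # Match blocks only apply conditionally
        tolower($1) == tolower(key) { print tolower($2); found = 1; exit }
        END { if (!found) print def }
    ' "$3"
}

# Port may be given several times; sshd listens on every value (default 22).
sshd_ports() {  # usage: sshd_ports FILE
    awk '
        /^[ \t]*#/ { next }
        tolower($1) == "match" { exit }
        tolower($1) == "port" { out = out (out ? " " : "") $2 }
        END { print (out ? out : "22") }
    ' "$1"
}

sshd_lint() {  # usage: sshd_lint FILE EXPECTED_PORT; returns 0 when safe to restart
    rc=0
    case " $(sshd_ports "$1") " in
        *" $2 "*) ;;
        *) echo "FAIL: Port $2 is not set"; rc=1 ;;
    esac
    [ "$(sshd_first PasswordAuthentication yes "$1")" = "no" ] ||
        { echo "FAIL: PasswordAuthentication is still effectively yes"; rc=1; }
    if grep -Eiq '^[[:space:]]*include[[:space:]]' "$1"; then
        echo "WARN: Include found; confirm with: sshd -T | grep -i passwordauth"
    fi
    return "$rc"
}

sample_config() {  # constructed input: the appended "no" loses to an earlier "yes"
    cat <<'EOF'
# PasswordAuthentication no
PasswordAuthentication yes
Port 2222
PasswordAuthentication no
EOF
}

tmp=$(mktemp) && sample_config > "$tmp"
sshd_lint "$tmp" 2222 || echo "fix the config before restarting sshd"
rm -f "$tmp"
```

On a real host, `sshd -t` checks the file for syntax errors and `sshd -T` prints the fully resolved settings, including anything pulled in through Include.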