ssh

SSH change port

How to change SSH port on Centos 6, 7, and 8. Changing SSH Port will help to secure your Linux VPS server, here is ultimate guide how to secure linux vps server …monovm.com

Add to sshd configuration

Go to the file

# nano /etc/ssh/sshd_config

and add line

Port <SSH_NEW_PORT>

Configure SELinux

# semanage port -a -t ssh_port_t -p tcp 50

Configure Firewall

# firewall-cmd --permanent --remove-service=ssh
success
# firewall-cmd --permanent --add-port=<SSH_NEW_PORT>/tcp
success
# firewall-cmd --reload

Restart sshd service

# systemctl restart sshd 
# systemctl status sshd.service

Remote access be like

# ssh -p <SSH_NEW_PORT> server@ip

SSH using keys

On your remote device follow these steps.

Generate key

Comparison: TL;DR, use RSA 4096 or ed25519.

$ ssh-keygen -t ed25519

By default, will be stored at /home/user/.ssh/id_ed25519

Generate a passphrase with KeePassXC and use it as passphrase when it asks you for one.

Add it to remote key (server)

$ ssh-copy-id -p <PORT> -i ~/.ssh/id_ed25519 user@remote

This will add the public key (i.e. id_ed25519.pub) to the the server file ~./.ssh/authorized_keys

Add passphrase to KeePassXC

Follow this tutorial, so you can add the passphrase for the generated key automatically to the ssh-agent whenever KeePassXC db is unlocked.

Now, passphrase won’t be asked when KeePassXC is unlocked.

Disable ssh with password

https://linuxhandbook.com/ssh-disable-password-authentication/ Open file /etc/ssh/sshd_config and set

PasswordAuthentication no

Next, restart ssh service

RHEL:

$ sudo service ssh restart

Arch:

a