🎯 This repository hosts my hardened version of OpenSSH server on OpenBSD.
📝 Here the man for sshd_config.
🛡️ Too many admins overlook SSH configuration when setting up new systems. Unfortunately, the defaults for many operating systems are optimized for compatibility, not security❗
- You need to have an account with doas set correctly.
- You need to create a key for your user:
ssh-keygen -f ~/user-key-ed25519 -t ed25519-> Enter a passphrase please 😉ssh-copy-id -i ~/.ssh/user-key-ed25519 user@host_destination:/.....
Once the public key has been configured on the server, the server will allow any connecting user that has the private key to log in. During the login process, the client proves possession of the private key by digitally signing the key exchange.
- Backup your current file like this:
- cp
/etc/ssh/sshd_config/etc/ssh/sshd_config.ori
- cp
- Download the file
sshd_configfrom the repository in your local terminal session - Review the content of the
sshd_configfile to make sure those settings are suitable with your configuration:- Search AllowUsers and replace your_username_here with your username
- Search Banner and replace /your_path_here/your_file_here with the right path file for your banner
- Overwrite your file:
- mv
ssh_config/etc/ssh_sshd/config
- mv
- Reload SSHDaemon
rcctl restart sshd
You can test your OpenSSH server configuration here:
🐡 Have Fun!