SSH Hardening

• Key-Only Login
• SSH Custom Port

Key-Only Login

SSH-Config

nano /etc/ssh/sshd_config

Wichtige Einstellungen

PasswordAuthentication no
ChallengeResponseAuthentication no
UsePAM no
PermitRootLogin prohibit-password
PermitEmptyPasswords no
Protocol 2
LoginGraceTime 60
MaxAuthTries 3
X11Forwarding no

SSH neustarten:

systemctl restart sshd

SSH Custom Port

Port ändern:

nano /etc/ssh/sshd_config

Ändere:

Port 1234

UFW anpassen:

ufw allow 1234/tcp
ufw delete 22/tcp
ufw reload

SSH reload

systemctl reload sshd

Lokale SSH Config anpassen:

nano /.ssh/config

Host Hetzner
  Hostname 1.2.3.4
  User root
  IdentityFile ~/.ssh/Hetznerkey
  Port 1234