SSH
Let me browse into /etc/ssh. When you look inside that folder you'll see a lot of files. The main file I care about is this one:
[k8s@k8s-manager ssh]$ ls
moduli ssh_config.d sshd_config.d ssh_host_ecdsa_key.pub ssh_host_ed25519_key.pub ssh_host_rsa_key.pub
ssh_config sshd_config ssh_host_ecdsa_key ssh_host_ed25519_key ssh_host_rsa_key
sshd_config. That's the SSH daemon's configuration. There is another one, ssh_config; that's the client. I'm not worried about the client here. I'm worried about the server, sshd_config. Now I could edit that file and start modifying things. However, in some scenarios an SSH update might overwrite that file and I would lose my changes. It also makes it a little difficult if I want to merge changes to another system. So the recommendation is that instead of making changes in that file, you create your own configuration file and put it under sshd_config.d.
That's a directory that's included in the main configuration.
cd /etc/ssh/sshd_config.d
As you can see from the server config file:
# To modify the system-wide sshd configuration, create a *.conf file under
# /etc/ssh/sshd_config.d/ which will be automatically included below
Include /etc/ssh/sshd_config.d/*.conf
Now I will create my file inside this directory:
vim hardened.conf
AllowUsers k8s
PermitRootLogin no
sudo systemctl restart sshd
Now when I try to log in as centos, a user that is not listed in AllowUsers:
C:\Users\ADMIN>ssh centos@192.168.1.16
centos@192.168.1.16's password:
Permission denied, please try again.
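Why hardened.conf takes effect, and when it would not, as an added example that is not part of the original page: sshd_config(5) says Include globs are processed in lexical order and the first value obtained for a keyword is used, so a file that sorts before hardened.conf can win. The sample file contents, the PermitRootLogin yes default and the name 01-vendor.conf are constructed for illustration.

```python
import fnmatch

# sshd appends to these list keywords across lines; all others keep the first value.
CUMULATIVE = {"allowusers", "denyusers", "allowgroups", "denygroups"}

def effective(files, path="/etc/ssh/sshd_config", seen=None):
    """Resolve global settings from a {path: text} mapping as sshd_config(5)
    describes: Include globs in lexical order, first value per keyword wins.
    Simplified: a file is read only up to its first Match block."""
    seen = {} if seen is None else seen
    for raw in files[path].splitlines():
        parts = raw.split(None, 1)
        if not parts or parts[0].startswith("#"):
            continue
        key, value = parts[0].lower(), " ".join(parts[1:]).strip()
        if key == "match":
            break
        if key == "include":
            for pattern in value.split():
                # fnmatch over the mapping's keys stands in for glob(3)
                for inc in sorted(f for f in files if fnmatch.fnmatchcase(f, pattern)):
                    effective(files, inc, seen)
        elif key in CUMULATIVE:
            seen.setdefault(key, ([], path))[0].extend(value.split())
        else:
            seen.setdefault(key, (value, path))
    return seen

def audit(files, allowed_users):
    """Return findings; an empty list means the page's two settings are in effect."""
    cfg, findings = effective(files), []
    root, src = cfg.get("permitrootlogin", ("unset", "no file"))
    if root != "no":
        findings.append(f"PermitRootLogin is {root} (set in {src})")
    users = cfg.get("allowusers", ([], ""))[0]
    if sorted(users) != sorted(allowed_users):
        findings.append(f"AllowUsers is {users}, expected {sorted(allowed_users)}")
    return findings

# Constructed sample files. MAIN has the Include line from the page followed by an
# assumed default; 01-vendor.conf is a hypothetical drop-in that sorts first.
D = "/etc/ssh/sshd_config.d/"
MAIN = {"/etc/ssh/sshd_config": f"Include {D}*.conf\nPermitRootLogin yes\n"}
PAGE = {D + "hardened.conf": "AllowUsers k8s\nPermitRootLogin no\n"}
EARLY = {D + "01-vendor.conf": "PermitRootLogin yes\n"}

if __name__ == "__main__":
    print(audit({**MAIN, **PAGE}, ["k8s"]))            # hardened.conf wins
    print(audit({**MAIN, **PAGE, **EARLY}, ["k8s"]))   # 01-vendor.conf wins
```

On a live host, sudo sshd -T prints the values sshd itself resolved, and sudo sshd -t checks the syntax before the restart.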
I will add the centos user now:
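Using TCP wrappers with SSH
These files are only consulted when sshd is built with TCP wrappers (libwrap) support; upstream OpenSSH has not included it since release 6.7, so this depends on how the distribution builds sshd.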
sudo vim /etc/hosts.allow
sshd : LOCAL,10.222.0.
/etc/hosts.deny
sshd : ALL
Controlling SSH access with a firewall:
sudo ufw allow from 10.222.0.0/24 proto tcp to any port 22