SSH

Let me browse into /etc/ssh. That directory holds quite a few files, but the one that matters for hardening is the server configuration:

[k8s@k8s-manager ssh]$ ls
moduli      ssh_config.d  sshd_config.d       ssh_host_ecdsa_key.pub  ssh_host_ed25519_key.pub  ssh_host_rsa_key.pub
ssh_config  sshd_config   ssh_host_ecdsa_key  ssh_host_ed25519_key    ssh_host_rsa_key

sshd_config is the SSH daemon's configuration. The other one, ssh_config, configures the client; I'm not concerned with the client here, only the server. I could edit sshd_config directly, but a package update may replace that file and I would lose my changes, and a hand-edited sshd_config is awkward to carry over to another system. The recommended approach is to leave sshd_config alone and put your own settings in a *.conf file under sshd_config.d. Two things make this work: sshd_config includes that directory, and sshd keeps the first value it reads for each keyword, so a setting in the drop-in wins over the distribution default that appears further down in sshd_config. That only holds because the Include line sits near the top of sshd_config, as it does here; if it were at the bottom, the drop-in would lose to any earlier setting of the same keyword.

That's a directory that's included in the main configuration

cd /etc/ssh/sshd_config.d

As you can see from the server config file

# To modify the system-wide sshd configuration, create a  *.conf  file under
#  /etc/ssh/sshd_config.d/  which will be automatically included below
Include /etc/ssh/sshd_config.d/*.conf

Now I will create my file inside this directory:

vim hardened.conf

AllowUsers k8s
PermitRootLogin no

Check the syntax with sshd -t before restarting, and keep the current session open until a fresh login has succeeded, because a typo in AllowUsers locks everyone who is not listed out of the box:

sudo systemctl restart sshd
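To see why the drop-in takes effect, here is an added example (my own script, not code from the original page) that resolves an sshd keyword the way sshd does: Include lines are expanded in place, and the first value read for a keyword is the one that sticks. It builds a throwaway directory imitating /etc/ssh (a constructed sshd_config that includes sshd_config.d/*.conf and sets PermitRootLogin yes further down, plus a hardened.conf with the same two lines as above), resolves PermitRootLogin with the Include line at the top as on this page, and then again with the Include line moved to the bottom, where the drop-in loses. Match blocks and quoting inside values are not modelled, and relative Include paths are assumed to be relative to /etc/ssh (all assumptions of this example).

```shell
#!/usr/bin/env bash
# Added example, not code from the original page: resolve an sshd keyword the
# way sshd does. Include lines are expanded in place and the FIRST value seen
# for a keyword is the effective one, so a drop-in under sshd_config.d/ only
# overrides sshd_config if the Include line sits above the competing setting.
# Simplifications (assumptions): Match blocks are ignored, relative Include
# paths are taken as relative to /etc/ssh, and quoting in values is not handled.
set -eu

# Print the effective "Keyword value" lines of a config file, expanding
# Include globs depth-first at the position where they appear.
flatten_sshd_config() {
    local file=$1 line key pat inc
    [ -r "$file" ] || return 0
    while IFS= read -r line || [ -n "$line" ]; do
        line=${line%%#*}                # drop comments
        set -f; set -- $line; set +f    # split on whitespace, defer globbing
        [ $# -ge 2 ] || continue        # blank line or keyword without a value
        key=$1; shift
        case "$key" in
            [Ii]nclude)
                for pat in "$@"; do
                    case "$pat" in /*) ;; *) pat="/etc/ssh/$pat" ;; esac
                    for inc in $pat; do     # unquoted so the shell expands the glob
                        flatten_sshd_config "$inc"
                    done
                done
                ;;
            *)
                printf '%s %s\n' "$key" "$*"
                ;;
        esac
    done < "$file"
}

# Effective value of one keyword (keywords are case-insensitive in sshd).
effective_sshd_option() {
    local cfg=$1 want=$2
    flatten_sshd_config "$cfg" | awk -v want="$want" '
        tolower($1) == tolower(want) { $1 = ""; sub(/^ /, ""); print; exit }'
}

# Constructed stand-in for /etc/ssh (no real files are touched). $1 selects
# where the Include line goes: "top" as on this page, "bottom" for contrast.
make_demo_tree() {
    local where=$1 root
    root=$(mktemp -d)
    mkdir -p "$root/sshd_config.d"
    {
        if [ "$where" = top ]; then echo "Include $root/sshd_config.d/*.conf"; fi
        echo "Port 22"
        echo "PermitRootLogin yes"
        echo "PasswordAuthentication yes"
        if [ "$where" = bottom ]; then echo "Include $root/sshd_config.d/*.conf"; fi
    } > "$root/sshd_config"
    printf 'AllowUsers k8s\nPermitRootLogin no\n' > "$root/sshd_config.d/hardened.conf"
    printf '%s\n' "$root"
}

# Resolve PermitRootLogin for a tree with the Include line at $1 (top|bottom).
resolved_permit_root_login() {
    local root
    root=$(make_demo_tree "$1")
    effective_sshd_option "$root/sshd_config" PermitRootLogin
    rm -rf "$root"
}

# Resolve AllowUsers for the layout used on this page.
resolved_allow_users() {
    local root
    root=$(make_demo_tree top)
    effective_sshd_option "$root/sshd_config" AllowUsers
    rm -rf "$root"
}

echo "Include at top (as on this page): PermitRootLogin $(resolved_permit_root_login top)"
echo "Include at bottom:                PermitRootLogin $(resolved_permit_root_login bottom)"
echo "AllowUsers: $(resolved_allow_users)"
```

On the real host the authoritative check is sudo sshd -T, which prints the fully resolved configuration after all Includes and defaults have been applied; grep it for permitrootlogin and allowusers after every change rather than trusting the file you edited.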

Now when I try to log in as centos, a user that is not listed in AllowUsers:

C:\Users\ADMIN>ssh centos@192.168.1.16
centos@192.168.1.16's password:
Permission denied, please try again.

The password prompt still appears, so from the client's side this is indistinguishable from a wrong password; sshd deliberately does not tell the client that the user is disallowed. The AllowUsers rejection shows up in the server log (journalctl -u sshd), which is where to look when a legitimate user is unexpectedly denied.

I will add the centos user now:

Using TCP wrappers with SSH

TCP wrappers only work if sshd is linked against libwrap. Upstream OpenSSH removed that support in 6.7, and RHEL/CentOS 8 and later do not ship tcp_wrappers at all, so on a current system sshd silently ignores both files below. Check with ldd on the sshd binary: if libwrap.so is not listed, use the firewall instead. Where it is supported, hosts.allow is consulted first and a match there grants access; otherwise hosts.deny is consulted and a match there denies; if neither matches, access is granted. So the allow list goes in hosts.allow and the catch-all deny goes in hosts.deny:

sudo vim /etc/hosts.allow

sshd : LOCAL, 10.222.0.

sudo vim /etc/hosts.deny

sshd : ALL

The trailing dot on 10.222.0. is significant: hosts_access(5) treats a pattern that ends in a dot as a network prefix, whereas 10.222.0 on its own would be matched as a literal address and would never match a client. The net/mask form 10.222.0.0/255.255.255.0 is also accepted. LOCAL matches any host whose name contains no dot, that is, hosts in the local domain.

Controlling SSH access with a firewall:

sudo ufw allow from 10.222.0.0/24 proto tcp to any port 22

This rule only restricts anything if ufw is enabled and its default incoming policy is deny; otherwise it merely adds an allow on top of a port that is already open. ufw is the Ubuntu front end; on a CentOS host like the one shown here, the native equivalent is a firewalld rich rule added with firewall-cmd. Whichever tool you use, add the allow rule before switching the default to deny, and test a new login from an address inside 10.222.0.0/24 before closing your current session.
