Overview Changing your SSH keys is as important as changing your underpants daily, running this script on a frequent basis will ensure access to the servers are changed on a regular basis. Use Ansible to do ssh key rotation in your sleep!
Limit SSH connections geographically
There is a real security risk to leaving your shell connection ports exposed to the internet especially if you don’t ever intend on connecting from Zimbabwe as well as other random countries. This can limit brute force attack exposure and also save valuable resources and bandwidth by rejecting a packets before a tcp handshake. Install… Read more »
Adding Colour to Linux Bash Shell
If the standard black and grey makes you feel uninspired, you can change this by adding two lines to your .bashrc file in the users profile. 1. Edit the .bashrc file
| 1 | vi ~\.bashrc |
2. Add the following lines
| 1 2 | force_color_prompt=yes PS1='${debian_chroot:+($debian_chroot)}\[\033[01;32m\]\[email protected]\h\[\033[00m\]:\[\033[01;34m\]\w\[\033[00m\]\$ ' |
Should you have any questions, comments or suggestions, please don’t hesitate to comment below. If you like… Read more »
Setup SSH Keys for Linux Key Based Authentication
Generating RSA Keys 1. Create a folder called “.ssh” under the root folder (change ~ for the full path of the user if you are using a user account)
| 1 | mkdir ~/.ssh |
2. Change permissions on the “.ssh” folder to 700
| 1 | chmod 700 ~/.ssh |
3. Generate keys
| 1 | ssh-keygen -t rsa |
You will be prompted for a location to save the keys… Read more »
Stop SSH from Listening on IPv6
By default, SSH listens on both IPv4 and IPv6, if you don’t connect using IPv6 then you can disable it entirely from listening. Example:
| 1 2 3 4 5 6 | root@linux:~# netstat -ntlp Active Internet connections (only servers) Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 2241/sshd tcp 0 0 127.0.0.1:25 0.0.0.0:* LISTEN 2206/exim4 tcp6 0 0 :::22 :::* LISTEN 2241/sshd |
Edit your SSH config file /etc/ssh/sshd_config
| 1 | vi /etc/ssh/sshd_config |
Uncomment out the following line:
| 1 | #ListenAddress 0.0.0.0 |
Restart SSH daemon
| 1 | /etc/init.d/ssh restart |
Rerun netstat to check it isn’t listening
| 1 2 3 4 5 | root@linux:~# netstat -ntlp Active Internet connections (only servers) Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 2292/sshd tcp 0 0 127.0.0.1:25 0.0.0.0:* LISTEN 2206/exim4 |
Should you have any questions,… Read more »
