ssh Archives | Chris Reeves' Blog

Automate SSH Key Rotation on Ubuntu with Ansible

Posted November 15th, 2018 by Chris & filed under Ansible, Hardening, Linux & Unix.

Overview Changing your SSH keys is as important as changing your underpants daily, running this script on a frequent basis will ensure access to the servers are changed on a regular basis. Use Ansible to do ssh key rotation in your sleep!

Limit SSH connections geographically

Posted August 27th, 2015 by Chris & filed under Linux & Unix.

There is a real security risk to leaving your shell connection ports exposed to the internet especially if you don’t ever intend on connecting from Zimbabwe as well as other random countries. This can limit brute force attack exposure and also save valuable resources and bandwidth by rejecting a packets before a tcp handshake. Install… Read more »

Adding Colour to Linux Bash Shell

Posted November 1st, 2014 by Chris & filed under Linux & Unix.

If the standard black and grey makes you feel uninspired, you can change this by adding two lines to your .bashrc file in the users profile. 1. Edit the .bashrc file

vi ~\.bashrc

1	vi ~\.bashrc

2. Add the following lines

force_color_prompt=yes
PS1='${debian_chroot:+($debian_chroot)}\[&#92;&#48;33[01;32m\]\u@\h\[&#92;&#48;33[00m\]:\[&#92;&#48;33[01;34m\]\w\[&#92;&#48;33[00m\]\$ '

1 2	force_color_prompt=yes PS1='${debian_chroot:+($debian_chroot)}\[\033[01;32m\]\[email protected]\h\[\033[00m\]:\[\033[01;34m\]\w\[\033[00m\]\$ '

Should you have any questions, comments or suggestions, please don’t hesitate to comment below. If you like… Read more »

Setup SSH Keys for Linux Key Based Authentication

Posted April 15th, 2014 by Chris & filed under Linux & Unix.

Generating RSA Keys 1. Create a folder called “.ssh” under the root folder (change ~ for the full path of the user if you are using a user account)

mkdir ~/.ssh

1	mkdir ~/.ssh

2. Change permissions on the “.ssh” folder to 700

chmod 700 ~/.ssh

1	chmod 700 ~/.ssh

3. Generate keys

ssh-keygen -t rsa

1	ssh-keygen -t rsa

You will be prompted for a location to save the keys… Read more »

Stop SSH from Listening on IPv6

Posted March 27th, 2014 by Chris & filed under Linux & Unix.

By default, SSH listens on both IPv4 and IPv6, if you don’t connect using IPv6 then you can disable it entirely from listening. Example:

root@linux:~# netstat -ntlp
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 2241/sshd
tcp 0 0 127.0.0.1:25 0.0.0.0:* LISTEN 2206/exim4
tcp6 0 0 :::22 :::* LISTEN 2241/sshd

root@linux:~# netstat -ntlp

Active Internet connections (only servers)

Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name

tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 2241/sshd

tcp 0 0 127.0.0.1:25 0.0.0.0:* LISTEN 2206/exim4

tcp6 0 0 :::22 :::* LISTEN 2241/sshd

Edit your SSH config file /etc/ssh/sshd_config

vi /etc/ssh/sshd_config

1	vi /etc/ssh/sshd_config

Uncomment out the following line:

#ListenAddress 0.0.0.0

1	#ListenAddress 0.0.0.0

Restart SSH daemon

/etc/init.d/ssh restart

1	/etc/init.d/ssh restart

Rerun netstat to check it isn’t listening

root@linux:~# netstat -ntlp
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 2292/sshd
tcp 0 0 127.0.0.1:25 0.0.0.0:* LISTEN 2206/exim4

root@linux:~# netstat -ntlp

Active Internet connections (only servers)

Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name

tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 2292/sshd

tcp 0 0 127.0.0.1:25 0.0.0.0:* LISTEN 2206/exim4

Should you have any questions,… Read more »

M	T	W	T	F	S	S
« Feb
		1	2	3	4	5
6	7	8	9	10	11	12
13	14	15	16	17	18	19
20	21	22	23	24	25	26
27	28	29	30	31

Posts Tagged: ssh