Learn how to modify the sshd_config configuration file to lock down incoming SSH connections. You can filter and prevent incoming SSH connections by username, IP address, as well as other methods.
Instructor: [0:01] SSH by default is fairly secure. However, there are a few configuration settings you can modify to make things even more secure. Open up the sshd configuration file located at /edc/ssh/sshd_config. In this file, disable the ability to log in to the root user by toggling PermitRootLogin to no.
[0:28] If you would still like to be able to access the server with root, but don't want passwords to be used, you can also specify prohibit-password as the value, which will disable logins to root by password, but allow other connections with SSH keys. You can also completely disable password authentication for the entire server by setting the value for PasswordAuthentication to no.
[0:54] Let's say you want to lock things down even further, and only allow SSH connectivity for specific users. Search for or create the AllowUsers directive. The value for this option is a space-delimited list of users, or user IP connection strings. In this manner, you can lock down SSH for only specific users.
[1:17] You can also allow specific users only coming from specific IP addresses, or you can allow all users connecting from specific IP addresses. Be sure to restart the SSH service after applying updates to the configuration file by running service ssh restart.
Member comments are a way for members to communicate, interact, and ask questions about a lesson.
The instructor or someone from the community might respond to your question Here are a few basic guidelines to commenting on egghead.io
Be on-Topic
Comments are for discussing a lesson. If you're having a general issue with the website functionality, please contact us at support@egghead.io.
Avoid meta-discussion
Code Problems?
Should be accompanied by code! Codesandbox or Stackblitz provide a way to share code and discuss it in context
Details and Context
Vague question? Vague answer. Any details and context you can provide will lure more interesting answers!