Status prüfen
systemctl status ssh.service
SSH-Konfiguration testen:
sshd -t
Lokal genutzte sshd_config finden
find / -name "sshd_config" 2>/dev/null
Backup der sshd_config anlegen
cp /etc/ssh/sshd_config /root/sshd_config
sshd_config editieren
nano /etc/ssh/sshd_config
> #Port 22
Port XXXX
> #LogLevel INFO
LogLevel VERBOSE
> #PermitRootLogin prohibit-password
PermitRootLogin no
> #MaxAuthTries 6
MaxAuthTries 3
> #MaxSessions 10
MaxSessions 2
> #PubkeyAuthentication yes
PubkeyAuthentication yes
> #IgnoreRhosts yes
IgnoreRhosts yes
> #PasswordAuthentication yes
PasswordAuthentication no
> #PermitEmptyPasswords no
PermitEmptyPasswords no
> #AllowAgentForwarding yes
AllowAgentForwarding no
> #AllowTcpForwarding yes
AllowTcpForwarding no
> X11Forwarding yes
#X11Forwarding yes
X11Forwarding no
> #TCPKeepAlive yes
TCPKeepAlive no
> #Compression delayed
Compression no
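> #ClientAliveCountMax 3
ClientAliveCountMax 2
(Hinweis: ClientAliveCountMax wirkt nur, wenn zusätzlich ClientAliveInterval auf einen Wert > 0 gesetzt ist; der Standardwert ist 0. Zusammen mit TCPKeepAlive no werden tote Verbindungen sonst gar nicht erkannt.)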
> #UseDNS no
UseDNS no
> #Banner none
Banner /etc/issue
STRG+O & STRG+X
Den Port auch im ufw-Anwendungsprofil openssh-server eintragen
nano /etc/ufw/applications.d/openssh-server
ports=XXXX/tcp
STRG+O & STRG+X
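SSH-Port in jail.conf eintragen (besser in /etc/fail2ban/jail.local überschreiben, da jail.conf bei Paket-Updates ersetzt werden kann)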
nano /etc/fail2ban/jail.conf
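...im Bereich [sshd] (der Wert von application muss dem Profilnamen, also der Abschnittsüberschrift in eckigen Klammern, in /etc/ufw/applications.d/openssh-server entsprechen)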
#port = ssh
port = XXXX
action = ufw[application="OpenSSH-XXXX", blocktype=reject]
logpath = %(sshd_log)s
backend = %(sshd_backend)s
STRG+O & STRG+X
fail2ban-client reload
SSH-Port in ssh_config (Client-Konfiguration) eintragen
nano /etc/ssh/ssh_config
# Port 22
Port XXXX
STRG+O & STRG+X
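Reload SSH (vorher die Konfiguration mit sshd -t prüfen und die bestehende Sitzung offen lassen, bis der Schlüssel-Login über den neuen Port in einer zweiten Sitzung getestet und der Port in ufw freigegeben ist – sonst droht Aussperrung)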
/etc/init.d/ssh restart
=
systemctl restart sshd
-
systemctl reload ssh.service
sources: