The ssh daemon is configured, by default, in /etc/ssh/sshd_config.
Port $PORT LogLevel VERBOSE # or INFO AllowUsers $USERS # alternatively, AllowGroups PermitRootLogin no PasswordAuthentication no # after key-based auth has been set up ChallengeResponseAuthentication no AllowAgentForwarding no # unless specifically required AllowTcpForwarding no # unless specifically required
activating the ssh daemon
Add sshd to /etc/rc.conf's SERVICES line to run /etc/rc.d/sshd during startup.
key based authentication
Get the local ip address of the server with ifconfig, and add your private key to its ~/.ssh/authorized_keys.
scp -P $PORT ~/.ssh/$KEY.pub 192.168.2.103:.ssh/authorized_keys
chmod 700 ~/.ssh chmod 600 ~/.ssh/authorized_keys
root account security
/etc/securettydefines which devices root can log in on.
console ttyS0 tty1 tty2 tty3 tty4 tty5 tty6
If it exists and is empty, root access will be restricted to single user mode or programs that are not restricted by pam_securetty - i.e. su, sudo, ssh, scp, sftp.
rm /etc/securetty; touch /etc/securetty
Direct logins by root can be disabled by setting the shell parameter in /etc/passwd to /bin/false.
2018 - Élő László hello at bald dot cat