http://bald.cat

sshd configuration

The ssh daemon is configured, by default, in /etc/ssh/sshd_config.

Port $PORT
# or INFO
LogLevel VERBOSE
# alternatively, AllowGroups
AllowUsers $USERS
PermitRootLogin no
# after key-based auth has been set up
PasswordAuthentication no
ChallengeResponseAuthentication no
# unless specifically required
AllowAgentForwarding no
# unless specifically required
AllowTcpForwarding no
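
An added example (not part of the original page): a shell function that checks a config file against the five "no" settings above. It relies on sshd using the first value it reads for a keyword, audits only the global section before the first Match line, and does not follow Include files; the function names and the sample config are constructed.

```shell
# Added example, not part of the original page.
# audit_sshd_config [FILE]: print every keyword from the list above whose
# effective global value is not "no". Exit status 0 if clean, 1 otherwise.
audit_sshd_config() {
    awk '
    BEGIN {
        kw[1] = "permitrootlogin"
        kw[2] = "passwordauthentication"
        kw[3] = "challengeresponseauthentication"
        kw[4] = "allowagentforwarding"
        kw[5] = "allowtcpforwarding"
        for (i = 1; i <= 5; i++) want[kw[i]] = "no"
    }
    /^[ \t]*#/ || /^[ \t]*$/ { next }     # comment or blank line
    { key = tolower($1) }                 # keywords are case-insensitive
    key == "match" { exit }               # audit the global section only
    (key in want) && !(key in seen) {     # sshd uses the first value it reads
        seen[key] = $2; line[key] = NR
    }
    END {
        for (i = 1; i <= 5; i++) {
            k = kw[i]
            if (!(k in seen)) {
                printf "%s: unset, compiled-in default applies\n", k
                bad = 1
            } else if (seen[k] != want[k]) {
                printf "%s: %s (line %d), want %s\n", k, seen[k], line[k], want[k]
                bad = 1
            }
        }
        exit bad + 0
    }' "${1:--}"
}

# Constructed sample: a shadowed PermitRootLogin and a Match-only AllowTcpForwarding.
sample_config() {
    cat <<'EOF'
Port 2222
PermitRootLogin yes
PasswordAuthentication no
ChallengeResponseAuthentication no
AllowAgentForwarding no
PermitRootLogin no
Match User backup
    AllowTcpForwarding no
EOF
}

sample_config | audit_sshd_config || true
```

On a live system, pass the path of the config file as the first argument.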

activating the ssh daemon

Add sshd to /etc/rc.conf's SERVICES line to run /etc/rc.d/sshd during startup.

key based authentication

Get the local IP address of the server with ifconfig, and add your public key to its ~/.ssh/authorized_keys.

# on the client; this overwrites any existing authorized_keys on the server
scp -P $PORT ~/.ssh/$KEY.pub 192.168.2.103:.ssh/authorized_keys
# on the server
chmod 700 ~/.ssh
chmod 600 ~/.ssh/authorized_keys

root account security

/etc/securetty defines which devices root can log in on.

console
ttyS0
tty1
tty2
tty3
tty4
tty5
tty6

If the file exists and is empty, root access is restricted to single-user mode or to programs that are not restricted by pam_securetty, i.e. su, sudo, ssh, scp, sftp.

rm /etc/securetty; touch /etc/securetty

Direct logins by root can be disabled by setting the shell parameter in /etc/passwd to /bin/false.

root:x:0:0:root:/root:/bin/false

2018 - Élő László hello at bald dot cat