SSH Configuration
Installation and Configuration
Basic Setup
# Install SSH server
sudo apt update
sudo apt install openssh-server
# Enable SSH service
sudo systemctl enable sshd
Restrict SSH to Local IP
# Edit SSH configuration
sudo nano /etc/ssh/sshd_config
# Add or modify the following line
ListenAddress 192.168.1.100 # Replace with your local IP
# Restart the service
sudo systemctl restart sshd
Connect to SSH Server
ssh username@server_ip_address
Security Enhancements
Two-Factor Authentication with Google Authenticator
- Install Google Authenticator:
sudo apt-get update
sudo apt-get install libpam-google-authenticator
- Run the setup:
google-authenticator
- Configure PAM:
# Edit PAM configuration
sudo nano /etc/pam.d/sshd
# Add at the top of the file
auth required pam_google_authenticator.so
- Update SSH configuration:
# Edit SSH configuration
sudo nano /etc/ssh/sshd_config
# Set the following options
ChallengeResponseAuthentication yes
UsePAM yes
KbdInteractiveAuthentication yes
- Apply changes:
sudo systemctl restart sshd
Restrict or Disable SSH
Restrict SSH to Localhost Only
# Edit SSH configuration
sudo nano /etc/ssh/sshd_config
# Set listening address to localhost
ListenAddress 127.0.0.1
# Restart service
sudo systemctl restart sshd
Stop SSH Service
# Stop the service
sudo systemctl stop ssh
# Disable automatic startup (optional)
sudo systemctl disable ssh
# Verify status
sudo systemctl status ssh
Completely Disable SSH
# Stop and disable both service and socket
sudo systemctl stop ssh.socket
sudo systemctl disable ssh.socket