SSH Defense
Challenge Gallery
Quick Reference
sshd_config Directives
| Directive | Recommended Value | What It Does |
|---|---|---|
PermitRootLogin |
no |
Blocks direct root login via SSH |
PasswordAuthentication |
no |
Forces key-based authentication only |
PermitEmptyPasswords |
no |
Prevents login with blank passwords |
MaxAuthTries |
3 |
Disconnects after 3 failed attempts per session |
ClientAliveInterval |
300 |
Sends keepalive every 300s, disconnects idle sessions |
X11Forwarding |
no |
Disables GUI forwarding (reduces attack surface) |
AllowUsers |
deploy admin |
Whitelist: only these users can SSH in |
Port |
2222 (or any high port) |
Reduces automated scanning (not real security) |
SSH Key Commands
| Command | What It Does |
|---|---|
ssh-keygen -t ed25519 |
Generate a new ed25519 key pair |
ssh-keygen -t ed25519 -C "me@ewu.edu" |
Generate key with identifying comment |
ssh-copy-id user@server |
Install public key on remote server |
ssh -i ~/.ssh/mykey user@server |
Connect using a specific key file |
chmod 700 ~/.ssh |
Fix directory permissions (required) |
chmod 600 ~/.ssh/authorized_keys |
Fix authorized_keys permissions (required) |
sudo systemctl restart sshd |
Apply sshd_config changes |
sudo systemctl status sshd |
Check if sshd is running |
journalctl -u sshd -f |
Watch SSH logs in real time |