====== SSH ======

===== OpenSSH =====

OpenSSH is the implementation of the SSH protocol on Ubuntu.

  * OpenSSH is recommended for remote login, making backups, remote file transfer via scp or sftp, and much more.
  * SSH is perfect to keep confidentiality and integrity for data exchanged between two networks and systems.

However, the main advantage is server authentication, through the use of public key cryptography.

Here are a few things you need to tweak in order to improve OpenSSH server security.

<WRAP important>
**IMPORTANT:**  Before making any modifications to the **/etc/sshd_config** file, make a backup by:

<code bash>
sudo cp /etc/ssh/sshd_config /etc/ssh/sshd_config.factory-defaults
</code>

...and

<code bash>
sudo chmod a-w /etc/ssh/sshd_config.factory-defaults
</code>
</WRAP>

<WRAP info>
**NOTE**: Not all of the possible changes mentioned below have to be made.

Some changes are not recommended to be made but may offer tighter security depending on your requirements. 
</WRAP>

----

[[Ubuntu:SSH:Blacklist a public key|Blacklist a public key]]

[[Ubuntu:SSH:Change the Port|Change the Port]]

[[Ubuntu:SSH:Check the Current SSH Ports|Check the Current SSH Ports]]

[[Ubuntu:SSH:Configure sshd|Configure sshd]]

[[Ubuntu:SSH:Configure sshd with multiple authentication factors|Configure sshd with multiple authentication factors]]

[[Ubuntu:SSH:Configuring sshd|Configuring sshd]]

[[Ubuntu:SSH:Creating public/private key authentication for SSH|Creating public/private key authentication for SSH]]

[[Ubuntu:SSH:Disabling sshd|Disabling sshd]]

[[Ubuntu:SSH:Distribute public keys|Distribute public keys]]

[[Ubuntu:SSH:ERROR - SSH Connection Refused|ERROR - SSH Connection Refused]]

[[Ubuntu:SSH:Get the host's fingerprint|Get the host's fingerprint]]

[[Ubuntu:SSH:Install SSH|Install SSH]]

[[Ubuntu:SSH:Limit user logins|Limit user logins]]

[[Ubuntu:SSH:Manage SSH Key File With Passphrase|Manage SSH Key File With Passphrase]]

[[Ubuntu:SSH:Override socket-activated SSH|Override socket-activated SSH]]

[[Ubuntu:SSH:Port Forwarding|Port Forwarding]]

[[Ubuntu:SSH:Restart SSH|Restart SSH]]

[[Ubuntu:SSH:Setup SSH Keys|Setup SSH Keys]]

[[Ubuntu:SSH:SSH Login Message|SSH Login Message]]

[[Ubuntu:SSH:Test mode|Test mode]]

[[Ubuntu:SSH:Troubleshooting SSH|Troubleshooting SSH]]

[[Ubuntu:SSH:Two-Factor Authentication (using Google Authenticator)|Two-Factor Authentication (using Google Authenticator)]]