Published on April 13, 2013
Whenever you spin up a virtual machine, either on EC2 or somewhere else, the
first thing you should do is configure the sshd server. There are
thousands of bots out in the wild that systematically scan entire IP ranges and
try logging in with common
For a quick setup, copy your public key to ~/.ssh/authorized_keys on the remote
machine, then try logging in without having to enter your password
(chmod 700 ~/.ssh && chmod 600 ~/.ssh/authorized_keys is usually needed for
password-less login).
Then edit /etc/sshd/sshd_configure and make the following changes:
    ChallengeResponseAuthentication no
    PasswordAuthentication no
    UsePAM no
    PermitRootLogin no
    PubkeyAuthentication yes
    AllowUsers user1 user2
These options are fairly self-explanatory, but to be clear: they deny login using a password and allow login only using a public key, deny login for the root user, and allow login for the users user1 and user2.
Don’t forget to put your own username in the last line, otherwise you will lock yourself out of the machine.
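A pre-restart check for the lockout case described above, as an added example that is not part of the original post. The function names (sshd_value, check_sshd_hardening, write_sample_config) are hypothetical, the sample config is constructed, and the parser assumes whitespace-separated "Keyword value" lines with plain usernames in a single AllowUsers line.

```shell
#!/bin/sh
# Added example, not from the original post. Assumes whitespace-separated
# "Keyword value" lines and plain usernames in a single AllowUsers line.

# Print the value sshd would use for keyword $2 in file $1: keywords are
# case-insensitive and the first occurrence wins. Stops at the first Match block.
sshd_value() {
    awk -v key="$2" '
        /^[ \t]*#/ { next }
        tolower($1) == "match" { exit }
        tolower($1) == tolower(key) { $1 = ""; sub(/^ +/, ""); print; exit }
    ' "$1"
}

# Return 0 only if every setting from the post is in effect and user $2
# is listed in AllowUsers (the lockout case the post warns about).
check_sshd_hardening() {
    cfg=$1; user=$2; rc=0
    for want in "ChallengeResponseAuthentication no" "PasswordAuthentication no" \
                "UsePAM no" "PermitRootLogin no" "PubkeyAuthentication yes"; do
        key=${want% *}; expected=${want#* }
        actual=$(sshd_value "$cfg" "$key")
        if [ "$actual" != "$expected" ]; then
            echo "FAIL: $key is '${actual:-unset}', expected '$expected'" >&2
            rc=1
        fi
    done
    allowed=$(sshd_value "$cfg" AllowUsers)
    case " $allowed " in
        *" $user "*) ;;
        *) echo "FAIL: '$user' is not in AllowUsers ('$allowed')" >&2; rc=1 ;;
    esac
    return $rc
}

# Constructed sample config: the post's settings, with a commented-out decoy.
write_sample_config() {
    cat > "$1" <<'EOF'
#PasswordAuthentication yes
ChallengeResponseAuthentication no
passwordauthentication no
UsePAM no
PermitRootLogin no
PubkeyAuthentication yes
AllowUsers user1 user2
EOF
}
```

Run check_sshd_hardening against the edited config file with your own login name before restarting, while your current session is still open. Running sudo sshd -t as well catches syntax errors that this check does not look for.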
As the final step, just restart the sshd server (e.g.
sudo service ssh