====== Information ======

  * OpenSSH server notes
  * See [[clients:secure_shell|OpenSSH Client]] notes for clients

====== Config Files ======

===== Main =====

****

  sudo -e '/etc/ssh/sshd_config'

===== Custom =====

  * Check ''sshd_config'' to make sure ''sshd_config.d'' is included
 
<code>/etc/ssh/sshd_config.d</code>

====== Force Public Key Authentication ======

  * [[https://wiki.archlinux.org/index.php/OpenSSH#Force_public_key_authentication|ArchWiki]]
  * :!: Be sure to generate/restore keys and to copy to server before disabling passwords
  * :!: See [[clients:secure_shell|SSH Client]] notes
  * Tested on [[distros:ubuntu_server|Ubuntu 20.04]]

  echo 'PasswordAuthentication no' | sudo tee '/etc/ssh/sshd_config.d/custom-pubkey-only.conf' > '/dev/null' && cat '/etc/ssh/sshd_config.d/custom-pubkey-only.conf'

  sudo -e '/etc/ssh/sshd_config.d/custom-pubkey-only.conf'

===== Secure Authorized Keys =====

  * [[https://wiki.archlinux.org/index.php/OpenSSH#Securing_the_authorized_keys_file|ArchWiki]]

  chmod '400' ~/'.ssh/authorized_keys'

====== Disable Root Login ======

  * [[https://wiki.archlinux.org/index.php/OpenSSH#Deny|ArchWiki]]

  echo 'PermitRootLogin no' | sudo tee '/etc/ssh/sshd_config.d/custom-root-login-disable.conf' > '/dev/null' && cat '/etc/ssh/sshd_config.d/custom-root-login-disable.conf'

  sudo -e '/etc/ssh/sshd_config.d/custom-root-login-disable.conf'