<!-- .slide: data-audio-src="../audio/rh124-10/1.mp3" --> # Configure and Secure SSH ## Dennis Kibbe ### Mesa Community College Note: This slide presentation was created using [Reveal.js](https://revealjs.com/). You can access a transcript of this presentation by pressing S for speaker notes. You can access navigation help by pressing the question mark key. Audio for this presentation is artificially generated. --- <!-- .slide: data-audio-src="../audio/rh124-10/2.mp3" --> # Module Outline 1. Introduction 1. Access the Remote Command Line with SSH 1. Guided Exercise 1. Configure SSH Key-based Authentication 1. Guided Exercise 1. Customize OpenSSH Service Configuration 1. Guided Exercise 1. Key Takeaways 1. Resources 1. Graded Lab Note: --- <!-- .slide: data-audio-src="../audio/rh124-10/3.mp3" --> # Learning Objectives *After completing the work in this module you will be able to:* 1. ? 1. Run Commands on a remote system using SSH. 1. Use key-based authentication. 1. Increase security restricting remote root logins. 1. Disable password-based authentication. Note: --- <!-- .slide: data-audio-src="../audio/rh124-10/4.mp3" --> # Secure Shell - Remote Login ``` [student@workstation ~]$ ssh student@servera student@servera's password: ...output omitted... [student@servera ~]$ ``` Note: --- <!-- .slide: data-audio-src="../audio/rh124-10/12.mp3" --> # Close the Connection to Remote Host ``` [student@servera ~]$ exit Connection to servera closed. [student@workstation ~]$ ``` Note: --- <!-- .slide: data-audio-src="../audio/rh124-10/13.mp3" --> # Run a Remote Command as a Different User ``` [student@workstation ~]$ ssh developer1@servera developer1@servera's password: ...output omitted... [developer1@servera ~]$ Note: --- <!-- .slide: data-audio-src="../audio/rh124-10/14.mp3" --> # Identify Remote Users ``` [developer1@workstation ~]$ ssh developer1@servera developer1@server's password: [developer1@servera ~]$ w 16:13:38 up 36 min, 1 user, load average: 0.00, 0.00, 0.00 USER TTY FROM LOGIN@ IDLE JCPU PCPU WHAT developer2 pts/0 172.25.250.10 16:13 7:30 0.01s 0.01s -bash developer1 pts/1 172.25.250.10 16:24 3.00s 0.01s 0.00s w [developer1@servera ~]$ Note: --- <!-- .slide: data-audio-src="../audio/rh124-10/15.mp3" --> # SSH Host Keys  Note: --- <!-- .slide: data-audio-src="../audio/rh124-10/16.mp3" --> # SSH Known Hosts Key Management  Note: --- <!-- .slide: data-audio-src="../audio/rh124-10/17.mp3" --> # Guided Exercise ## Access the Remote Command Line with SSH Note: In this section you will configure and use key-based authentication. SSH uses public key encryption to create a mathematically rated key pair. --- <!-- .slide: data-audio-src="../audio/rh124-10/18.mp3" --> # SSH Key Generation  Note: --- <!-- .slide: data-audio-src="../audio/rh124-10/19.mp3" --> # Listing the SSH Keys  Note: --- <!-- .slide: data-audio-src="../audio/rh124-10/21.mp3" --> # Share the Public Key  Note: --- <!-- .slide: data-audio-src="../audio/rh124-10/22.mp3" --> # Guided Exercise ## Configure SSH Key-based Authentication Note: In this exercise, you configure a user to use key-based authentication for SSH. --- <!-- .slide: data-audio-src="../audio/rh124-10/23.mp3" --> # Customize OpenSSH Service Configuration Note: --- <!-- .slide: data-audio-src="../audio/rh124-10/24.mp3" --> # Configure the OpenSSH Server  Note: --- <!-- .slide: data-audio-src="../audio/rh124-10/25.mp3" --> # Note: --- <!-- .slide: data-audio-src="../audio/rh124-10/26.mp3" --> # Guided Exercise ## Configure SSH Key-based Authentication Note: --- <!-- .slide: data-audio-src="../audio/rh124-10/27.mp3" --> # Note: --- <!-- .slide: data-audio-src="../audio/rh124-10/28.mp3" --> # Prohibit root Logins  Note: --- <!-- .slide: data-audio-src="../audio/rh124-10/29.mp3" --> # Prohibit Password-based Authentication  Note: --- <!-- .slide: data-audio-src="../audio/rh124-10/30.mp3" --> # Guided Exercise ## Customize OpenSSH Service Configuration Note: In this exercise, you disable direct logins as root and disable password-based authentication for the OpenSSH service on one of your servers. --- <!-- .slide: data-audio-src="../audio/rh124-10/31.mp3" --> # Note: --- <!-- .slide: data-audio-src="../audio/rh124-10/32.mp3" --> # Note: --- <!-- .slide: data-audio-src="../audio/rh124-10/33.mp3" --> # <!-- <p class="fragment">The new default permissions are 0644.</p> --> Note: --- <!-- .slide: data-audio-src="../audio/rh124-10/34.mp3" --> # Guided Exercise ## Note: --- <!-- .slide: data-audio-src="../audio/rh124-10/35.mp3" --> # Key Takeaways 1. OpenSSH is a suite of tools used to connect to remote hosts. 1. Remote host identities are stored in `/etc/ssh/known_hosts` and `.ssh/known_hosts`. 1. SSH can use password authentication or keys for added security and convenience. 1. The private key must not be shared. 1. Disabling root logins and password authentication are best practices. Note: --- <!-- .slide: data-audio-src="../audio/rh124-10/36.mp3" --> # Resources - [Asymmetric Encryption - Simply explained](https://youtu.be/AQDCe585Lnc) - [How To Use SSH to Connect to a Remote Server](https://www.digitalocean.com/community/tutorials/how-to-use-ssh-to-connect-to-a-remote-server) - [How to Use Putty to SSH on Windows](https://youtu.be/pWDHUlvcAsg) Note: Here are some resources for the topics covered in this chapter. --- <!-- .slide: data-audio-src="../audio/rh124-10/37.mp3" --> # Graded Lab ## Configure and Secure SSH  Note: --- <!-- .slide: data-transition="zoom" --> <!-- .slide: data-audio-src="../audio/rh124-10/end.mp3" -->  Note: This ends this slide presentation. I hope you found it useful.