Sshd
Jump to navigation
Jump to search
Secure with specific ciphers
~]$ sudo sshd -T | grep ^macs macs umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512 ~]$ sudo sshd -T | grep ^kexa kexalgorithms curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512
/etc/ssh/sshd_config
kexalgorithms curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512 macs umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512
sudo systemctl restart sshd
Check via ssh scan
which is probably this parsed and prettied
sudo nmap -sV --script ssh2-enum-algos ssh.example.org -p 22
Dockerfile run in foreground
EXPOSE 22 CMD ["/usr/sbin/sshd", "-D"]
Nonroot
#!/bin/bash
set -eux
mkdir -p ${HOME}/custom_ssh
ssh-keygen -f ${HOME}/custom_ssh/ssh_host_rsa_key -N '' -t rsa
ssh-keygen -f ${HOME}/custom_ssh/ssh_host_dsa_key -N '' -t dsa
cat << EOF > ${HOME}/custom_ssh/sshd_config
Port 2222
HostKey ${HOME}/custom_ssh/ssh_host_rsa_key
HostKey ${HOME}/custom_ssh/ssh_host_dsa_key
AuthorizedKeysFile .ssh/authorized_keys
ChallengeResponseAuthentication no
UsePAM yes
Subsystem sftp /usr/lib/ssh/sftp-server
PidFile ${HOME}/custom_ssh/sshd.pid
EOF
/usr/local/bin/sshd -f ${HOME}/custom_ssh/sshd_config
echo "----- Process ID : ${HOME}/custom_ssh/sshd.pid -------"