Dies ist eine alte Version des Dokuments!

Based on: https://community.hetzner.com/tutorials/securing-ssh

StrictHostKeyChecking no kein Key Checking in config

Include /etc/ssh/sshd_config.d/*.conf

Port 22
MaxAuthTries 2
AllowTcpForwarding no
X11Forwarding no
AllowAgentForwarding no

# root login verbieten= no 
PermitRootLogin yes

ClientAliveInterval 300
ClientAliveCountMax 1

PubkeyAuthentication yes
PasswordAuthentication no
ChallengeResponseAuthentication no
UsePAM no

PrintMotd no

AcceptEnv LANG LC_*
# override default of no subsystems
Subsystem sftp  /usr/lib/openssh/sftp-server

Einstellungen testen:

sshd -t

systemctl restart sshd

Fail2Ban:

apt install fail2ban

systemctl enable fail2ban

cp /etc/fail2ban/jail.conf /etc/fail2ban/jail.local

Aktuelle „Zellenbelegung“ anzeigen:

fail2ban-client status sshd

Neue Einstellungen laden:

systemctl restart fail2ban

Login ohne Key Checking

ssh -o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null ubnt@192.168.1.20