https://github.com/torshin5ergey/roadmapsh-ssh-remote-server-setup
This is my solution to the SSH Remote Server Setup project in the DevOps roadmap from roadmap.sh
apt fail2ban linux openssh-server ssh ubuntu
Last synced: 4 months ago
- Host: GitHub
- URL: https://github.com/torshin5ergey/roadmapsh-ssh-remote-server-setup
- Owner: torshin5ergey
- Created: 2025-04-30T12:15:32.000Z (about 1 year ago)
- Default Branch: main
- Last Pushed: 2025-04-30T14:35:53.000Z (about 1 year ago)
- Last Synced: 2025-04-30T15:51:51.316Z (about 1 year ago)
- Topics: apt, fail2ban, linux, openssh-server, ssh, ubuntu
- Homepage:
- Size: 1.95 KB
- Stars: 0
- Watchers: 1
- Forks: 0
- Open Issues: 0
Metadata Files:
- Readme: README.md
README
# 🔐 SSH Remote Server Setup Project for roadmap.sh
This is my solution to the [SSH Remote Server Setup project](https://roadmap.sh/projects/ssh-remote-server-setup) in the [DevOps roadmap](https://roadmap.sh/devops) from [roadmap.sh](https://roadmap.sh/).
**Table of Contents**
- [Project Requirements](#project-requirements)
- [Prerequisites](#prerequisites)
- [SSH Remote Server Setup Guide](#ssh-remote-server-setup-guide)
- [Some SSH configuration Best Practices](#some-ssh-configuration-best-practices)
- [Author](#author)
## Project Requirements
- Register and set up a remote Linux server on any provider.
- Create two new SSH key pairs and add them to your server.
- You should be able to connect to your server using both SSH keys.
- *Advanced*. Set up login with an alias.
- *Advanced*. Install and configure `fail2ban` to prevent brute-force attacks.
## Prerequisites
- A remote host with OpenSSH-server installed.
- Remote server IP address.
## SSH Remote Server Setup Guide
1. Generate SSH key pairs on your local machine. Use the ED25519 or RSA key type.
```bash
# -t key type
# -b bits in the key
# -C comment
# -f output filename
ssh-keygen -t ed25519 -C "comment"
# or
ssh-keygen -t rsa -b 4096 -f ~/.ssh/id_rsa_kubernetes -C "comment"
```
2. Copy the **public** key to your remote server. You need to provide the user's password for this step.
```bash
# -i identity file (public key file)
ssh-copy-id -i path/to/public/key username@hostip
```
3. *Advanced.* Add the host to `~/.ssh/config` to connect with an `alias`
```bash
Host alias
    # IP address, or a name resolvable via DNS or /etc/hosts
    HostName hostip
    User username
    # optional SSH port (default is 22)
    Port 22
    IdentityFile path/to/private/key
```
4. SSH into your remote server
```bash
# -i identity file (private key file)
# -p SSH port
# with username and hostname
ssh -i path/to/private/key username@hostip
# with alias
ssh alias
```
5. *Advanced*. Install and set up `fail2ban`
- Install `fail2ban`
```bash
sudo apt update && sudo apt install fail2ban -y
```
- Create a **custom** configuration file from the default `/etc/fail2ban/jail.conf`. Set `fail2ban` parameters only in custom configuration files, because package updates can overwrite `jail.conf`. The defaults are `maxretry=5` and `bantime=10m`.
```bash
sudo cp /etc/fail2ban/jail.conf /etc/fail2ban/jail.d/jail.local
```
- Start and enable the service
```bash
sudo systemctl start fail2ban
sudo systemctl enable fail2ban
```
- Check ban status
```bash
sudo fail2ban-client status sshd
```
## Some SSH configuration Best Practices
Set these in `/etc/ssh/sshd_config`:
- Disable password-based login
```bash
AuthenticationMethods publickey
PubkeyAuthentication yes
```
- Disable login for users with empty passwords
```bash
PermitEmptyPasswords no
```
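- Disable root login, keyboard-interactive and password authentication, and PAM
```bash
PermitRootLogin no
# Deprecated alias of KbdInteractiveAuthentication in current OpenSSH
ChallengeResponseAuthentication no
PasswordAuthentication no
# Also turns off PAM account and session module processing
UsePAM no
```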
- Allow a user to log in only from specific IPs
```bash
AllowUsers user@192.168.0.*
```
- Restart `sshd` after changing the configuration
```bash
sudo systemctl restart sshd
```
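An added example (not part of the original README): a small Bash audit that checks the global section of an `sshd_config`-style file for the settings listed above. The function names `first_value` and `audit_sshd` and the sample config are constructed for illustration, and `Include` files are not followed.

```bash
# Added example. For the keywords checked here sshd uses the FIRST value it
# reads and matches keywords case-insensitively, so a later "no" does not
# undo an earlier "yes".

# first_value FILE KEYWORD -> first global value for KEYWORD, lowercased
first_value() {
  awk -v key="$2" '
    /^[ \t]*#/ { next }                    # comment line
    tolower($1) == "match" { exit }        # Match blocks are conditional: stop
    tolower($1) == tolower(key) {
      $1 = ""; sub(/^[ \t]+/, ""); sub(/[ \t]+#.*$/, "")
      print tolower($0); exit
    }' "$1"
}

# audit_sshd FILE -> one PASS/FAIL line per check; exit status = failure count
audit_sshd() {
  local file=$1 fails=0 key want got
  while read -r key want; do
    got=$(first_value "$file" "$key")
    if [ "$got" = "$want" ]; then
      echo "PASS $key $got"
    else
      echo "FAIL $key ${got:-<unset>} (want $want)"
      fails=$((fails + 1))
    fi
  done <<'EOF'
PermitRootLogin no
PasswordAuthentication no
PermitEmptyPasswords no
PubkeyAuthentication yes
AuthenticationMethods publickey
EOF
  return "$fails"
}

# Constructed sample (not from the page): the first PasswordAuthentication
# line wins, and PermitEmptyPasswords is only set inside a Match block.
sample=$(mktemp)
cat > "$sample" <<'EOF'
permitrootlogin no
PasswordAuthentication yes
PasswordAuthentication no
PubkeyAuthentication yes
AuthenticationMethods publickey
Match Address 192.168.0.*
    PermitEmptyPasswords no
EOF
audit_sshd "$sample" || echo "$? check(s) failed"
```

On a real server, `sudo sshd -T` prints the effective configuration with defaults and `Include` files resolved; saving that output to a file and passing it to `audit_sshd` checks what the daemon will actually use.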
## Author
Sergey Torshin [@torshin5ergey](https://github.com/torshin5ergey)