1.3 KiB
| title | date | url | layout | category | image |
|---|---|---|---|---|---|
| Hardening SSH access on Raspberry Pi | 2013-04-07 | hardening-ssh-access-on-raspberry-pi | post | Security | /img/blog/hardening-ssh-access-on-raspberry-pi.png |
On a new Raspberry (but sometimes elsewhere unfortunately), you're able to connect through SSH directly with the root session. We'll disable it, for security purposes.
Run this command :
# nano /etc/ssh/sshd_config
... find the line:
PermitRootLogin
Replace the yes by no.
It'll be impossible to connect through this session, don't forget to check that another session is existing (with a password you know) 😉
You can also change the default port of SSH.
In the same file, find:
Port
Put another value instead of 22, and write it down somewhere unless you'll have to nmap your device to retrieve it 🤣
Now, reload the SSH daemon to parse and apply the new configuration :
# service sshd reload
Now you'll have to connect with :
$ ssh SESSION@PI_IP -p PORT
If you need to copy some files from it, you'll have to use scp as below :
$ scp -P PORT SESSION@PI_IP:/path/to/your_remote_file /path/on/your/host