48 lines
1.3 KiB
Markdown
48 lines
1.3 KiB
Markdown
---
|
|
title: "Hardening SSH access on Raspberry Pi"
|
|
date: 2013-04-07
|
|
url: hardening-ssh-access-on-raspberry-pi
|
|
layout: post
|
|
category: Security
|
|
image: /img/blog/hardening-ssh-access-on-raspberry-pi.png
|
|
---
|
|
|
|
[![A missing blog post image](/img/blog/hardening-ssh-access-on-raspberry-pi.png)](/img/blog/hardening-ssh-access-on-raspberry-pi.png)
|
|
|
|
On a new Raspberry (but sometimes elsewhere unfortunately), you're able to connect through SSH directly with the root session. We'll disable it, for security purposes.
|
|
|
|
Run this command :
|
|
|
|
`# nano /etc/ssh/sshd_config`
|
|
|
|
... find the line:
|
|
|
|
> PermitRootLogin
|
|
|
|
Replace the **yes** by **no**.
|
|
|
|
**It'll be impossible to connect through this session, don't forget to check that another session is existing (with a password you know) :wink:**
|
|
|
|
---
|
|
|
|
You can also change the default port of SSH.
|
|
In the same file, find:
|
|
|
|
> Port
|
|
|
|
Put another value instead of **22**, and write it down somewhere unless you'll have to `nmap` your device to retrieve it :rofl:
|
|
|
|
---
|
|
|
|
Now, reload the SSH daemon to parse and apply the new configuration :
|
|
|
|
`# service sshd reload`
|
|
|
|
Now you'll have to connect with :
|
|
|
|
`$ ssh SESSION@PI_IP -p PORT`
|
|
|
|
If you need to copy some files from it, you'll have to use `scp` as below :
|
|
|
|
`$ scp -P PORT SESSION@PI_IP:/path/to/your_remote_file /path/on/your/host`
|