SSH

Initial configuration

Generate a keypair. Ed25519 uses Twisted Edwards curve

ss-keygen -t ed25519

Copy generated public key to the server

ssh-copy-id -i id_ed25519 USERNAME@IP-ADDRESS

Edit the server configuration file /etc/ssh/sshd_config

Port 22
PasswordAuthentication no
PubkeyAuthentication yes

Example of returned banner

OpenSSH 7.6p1 Ubuntu 4ubuntu0.3 (Ubuntu Linux; protocol 2.0)

Use DebianBanner option in sshd_config and set it to no.

DebianBanner no

You can test the configuration for errors with sshd -t.

Result:

OpenSSH 7.6p1 (protocol 2.0)

Key verification

On your server

Check the fingerprints with the keys on your server:

for key in /etc/ssh/ssh_host_*_key; do ssh-keygen -l -f $key; done

Gitlab servers

The website is kinda hidden: https://gitlab.com/help/instance_configuration

Github servers

https://docs.github.com/en/github/authenticating-to-github/githubs-ssh-key-fingerprints

« Previous Next »