SSH

Initial configuration

  1. Generate a keypair. Ed25519 uses Twisted Edwards curve
ss-keygen -t ed25519
  1. Copy generated public key to the server
ssh-copy-id -i id_ed25519 USERNAME@IP-ADDRESS
  1. Edit the server configuration file /etc/ssh/sshd_config
Port 22
PasswordAuthentication no
PubkeyAuthentication yes

Disable Debian Banner

Example of returned banner

OpenSSH 7.6p1 Ubuntu 4ubuntu0.3 (Ubuntu Linux; protocol 2.0)

Use DebianBanner option in sshd_config and set it to no.

DebianBanner no

You can test the configuration for errors with sshd -t.

Result:

OpenSSH 7.6p1 (protocol 2.0)

Key verification

On your server

Check the fingerprints with the keys on your server:

for key in /etc/ssh/ssh_host_*_key; do ssh-keygen -l -f $key; done

Gitlab servers

Github servers

Show list of Host Key Fingerprints

ssh-keygen -l -f ~/.ssh/known_hosts