====== Securing SSH Server ======

To secure a Linux server's SSH service, there are a few options, which will be discussed on this page.

===== Key base =====

For using key-based authentication, you can follow these steps:

  - Generate a public/private key pair on your local machine:
    * Open a terminal window and enter the following command: ''ssh-keygen''
    * Follow the prompts to specify the location to save the key pair, and enter a passphrase for the private key (optional).
    * This will generate a public key and a private key in the specified location. The public key is stored in a file with the ''.pub'' extension, and the private key is stored in a file with no extension.
  - Copy the public key to the server:
    * Enter the following command to copy the public key to the server, replacing ''user'' with the username on the server and server_hostname_or_IP with the hostname or IP address of the server:
    * ''ssh-copy-id user@server_hostname_or_IP''
    * You will be prompted to enter the password for the user on the server.
    * This will copy the public key to the server and append it to the ''authorized_keys'' file in the ''~/.ssh'' directory of the user's home directory on the server.

  - Disable password-based authentication:
    * Edit the ''/etc/ssh/sshd_config'' file on the server and set the ''PasswordAuthentication'' option to no. This will disable password-based authentication for the SSH service on the server.
    * Save the file and restart the SSH service by running the following command: ''systemctl restart ssh''
  - Test the key-based authentication:
    * From your local machine, try connecting to the server using the ssh command and the private key file:
    * ''ssh -i /path/to/private_key user@server_hostname_or_IP''

If the connection is successful, you have successfully set up key-based authentication for the server's SSH service.