@stojan211287
Created February 23, 2020 20:37
How to set up a server with secure SSH access and a centralized public key store

Checklist

  • Turn off password authentication (PasswordAuthentication no) in /etc/ssh/sshd_config
  • Turn off GSSAPI authentication (GSSAPIAuthentication no) in /etc/ssh/sshd_config
  • Change AuthorizedKeysFile in /etc/ssh/sshd_config to /ssh_keys/%u/authorized_keys
  • Place public keys in /ssh_keys/%u/authorized_keys
    • NOTE: The sysadmin needs to do this manually for every user, after the user executes ssh-copy-id
  • sudo chown root:root -R /ssh_keys
  • sudo chmod 711 /ssh_keys
  • sudo chmod 711 /ssh_keys/%u, for all users
  • sudo chmod 644 /ssh_keys/%u/authorized_keys, for all users
  • sudo systemctl restart sshd
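
To confirm that a host actually matches the checklist after the restart, the following added example (not part of the original gist) audits the three sshd settings and the ownership and modes of the key store. The function names are made up for this example, and it assumes GNU find and stat plus a file containing the effective settings as printed by `sshd -T`.

```shell
#!/bin/sh
# Added example (not from the gist): audit a host against the checklist above.
# Function names are constructed for this example. Assumes GNU find and stat.

# check_sshd_settings FILE
# FILE holds effective settings, one "keyword value" line each, as printed by
# `sshd -T`. The whole line must match, so an AuthorizedKeysFile that also
# lists a path under the user's home directory is reported.
check_sshd_settings() {
    rc=0
    for want in \
        "passwordauthentication no" \
        "gssapiauthentication no" \
        "authorizedkeysfile /ssh_keys/%u/authorized_keys"
    do
        got=$(awk -v k="${want%% *}" \
            'tolower($1) == k { $1 = k; print; exit }' "$1")
        [ "$got" = "$want" ] || {
            echo "FAIL: want '$want', got '${got:-unset}'"
            rc=1
        }
    done
    return $rc
}

# check_keystore DIR [UID:GID]
# DIR and each per-user directory must be mode 711, each file inside 644, and
# everything owned by UID:GID (default 0:0, i.e. root:root).
check_keystore() {
    [ -d "$1" ] || { echo "FAIL $1: not a directory"; return 1; }
    fails=$(find "$1" -maxdepth 2 | while IFS= read -r p; do
        if [ -d "$p" ]; then want=711; else want=644; fi
        got=$(stat -c '%a %u:%g' "$p")
        [ "$got" = "$want ${2:-0:0}" ] ||
            echo "FAIL $p: got $got, want $want ${2:-0:0}"
    done)
    [ -z "$fails" ] || { printf '%s\n' "$fails"; return 1; }
}
```

Run both checks as root, since the 711 mode on /ssh_keys prevents other users from listing it: save the output of `sshd -T` to a file and pass it to `check_sshd_settings`, then call `check_keystore /ssh_keys`.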