If you want to remote your server from home, you can, but you cannot simply install OpenSSH with a password, which is very insecure. I highly recommend that you use type Ed25519 ssh, which is the most secure and fast access to ssh. I suggest looking at this website. Follow the instructions on the red hat website to protect your Linux Server. These are the most correct. Or here is my config for server ssh config I made.
But first we need to generate our ed25519 key for our ssh access or SFTP…
- Download Putty
- open program on Windows PC putty gen (Putty Key Generator)
- select EdDSA then select Ed25519 then generate
- Please generate some random by moving the mouse over the blank area on puTTygen (Putty Key Generator).
- After you generate, you can modify key comment and key passphrase
- Go over your server, type the command to modify authorized_keys – “nano ~/.ssh/authorized_keys” then add your Public Key from your puTTygen (Putty Key Generator) on your Windows pc copy these to Your Linux Server.
- Save authorized_keys, then restart ssh services.
It is important to note that the server can still be accessed with a password, and therefore, we must proceed to the server Linux SSH configuration and generate the file richardprofile.conf or whatevername.conf. The SSH path is /etc/ssh/sshd_config/sshd_config.d/richardprofile.conf.
Port 22 PermitEmptyPasswords no PermitRootLogin no PubkeyAuthentication yes PasswordAuthentication no PermitEmptyPasswords no ClientAliveInterval 60 ClientAliveCountMax 3
Now, save the configuration file and restart ssh. At present, you are 70 percent secured, as we will configure Fail2ban to ban IPs to prevent traffic from stressing our network.
These are perfect, and now I am planning to create a banner in ssh very soon.