/
SSH Security

SSH Security

Owned by Anthony Lai
Last updated: Jun 03, 2024
1 min read

Setting SSH

When deploying the JetStream DR MSA, a public key can be set to govern access to the system. If it is not provided, the system will allow password based SSH access, which may be considered a security issue.

Note: An option is provided to disable SSH access and prevent it from being used to log into the management server.

  1. To toggle password based SSH access for users to log in to the MSA:

    • Edit the file /etc/ssh/sshd_config.

    • Set the PasswordAuthentication option to “yes” or “no”

    • Restart the sshd service using the command: service sshd restart.

  2. Additional SSH public keys can be manually appended to the file /root/.ssh/authorized_keys or added by using the script ssh-copy-id.

  3. If the directory or the file does not already exist, either can be manually created using the following commands:

    mkdir /root/.ssh
    echo “” >> /root/.ssh/authorized_keys
    chmod 600 /root/.ash/authorized_keys
    chmod 700 /root/.ssh/

    External references:
    man sshd_config – https://man7.org/linux/man-pages/man5/sshd_config.5.html
    man ssh-copy-id – https://www.unix.com/man-page/linux/1/SSH-COPY-ID/
    man sshd – https://man7.org/linux/man-pages/man8/sshd.8.html

 

Note: The directory must have access mode 700. The file must have access mode 600.

If you need assistance managing SSH on the MSA, contact JetStream Support.