Securing SSH for smOS

in #mining7 years ago (edited)

SimpleMining OS has ssh running on the default port of 22, a normal user named ‘miner’ with password ‘miner’ and a root user named ‘root’ with password ‘miner1324’. This isn’t very secure.

Screenshot_2018-02-11_19_38_13.jpg

In this tutorial we will:

  • Change the port that ssh runs on.
  • Prevent root user from using ssh.
  • Use ssh keys instead of passwords making logging in to your rig easier and more secure.
  • Change the miner and root user passwords.

Change the port that ssh runs on.

Connect to your smOS server by ssh or these commands can be run on the smOS console. Replace [my.smos.ip] with your smOS IP address.

ssh miner@[my.smos.ip]
sudo nano /etc/ssh/sshd_config

Then change the line ‘Port 22’ to something else such as ‘Port 22222’

Do not save and exit just yet…

Prevent root user from using ssh.

Search for the line ‘PermitRootLogin’ using the ‘Where is’ command.

[ctrl]+w
PermitRootLogin
[enter]
  • Now exit and save the two changes that you just made.
[ctrl]+x
y
[enter]

Restart the SSH daemon. You will not be disconnected when you do this.

sudo systemctl restart sshd

Check that the SSH daemon is running on the selected port.

sudo netstat -tulpn

Log off of the smOS server. The next time that you log in you will need to specify the new port number. We can setup an ssh config file to conveniently remember it for us.

exit

Use ssh keys instead of passwords

Using ssh keys to access your linux server is both more secure because only someone with an authorized private key can access it and it is more convenient because you do not have to remember and type a secure password.

From a Linux or MacOS client.
Check that you don’t already have ssh keys setup.

ls -la ~/.ssh/

If you have files named something like id_rsa and id_rsa.pub, those are your private and public keys.

If you don’t have them, you can create them. Replace [your_email@example.com] with your email address or any identifier that will be added to the end of the public key making it easier to identify.

ssh-keygen -t rsa -b 4096 -C "[your_email@example.com]"

Press [enter] to accept the default location of your home directory/.ssh
Type a passphrase to secure your private key in case it should ever get in the hands of someone else.

On Windows you will need the PuTTYgen to generate a key pair. This is a good guide.

On Linux start the ssh-agent (it will already be running on macOS).

eval "$(ssh-agent -s)"

Modify your ~/.ssh/config file.

nano ~/.ssh/config

On macOS Sierra or later only, add the following text to automatically load keys into the ssh-agent and store passphrases in your keychain. If you gave your private key a custom name or location you will need to alter the IdentityFile value so the it reflects your private key name and location.

Host *
 AddKeysToAgent yes
 UseKeychain yes
 IdentityFile ~/.ssh/id_rsa

For both MacOS and Linux lets add some convenience. Replace [my.smos.ip] with your rig ip or dns name(no brackets) on your local network and replace smOS with whatever shortcut you would like to use to connect to your rig.

Host smOS
        HostName [my.smos.ip]
        Port 22222
        User miner

Save and exit nano.

[ctrl]+x
y
[enter]

Add the SSH key to the ssh-agent using one of the command commented with your OS below (you do not need to enter the # or anything after it). If the keys are the default name and location you do not need to specify them.

ssh-add ~/.ssh/id_rsa #Linux
ssh-add -K ~/.ssh/id_rsa #macOS

Add the public key to the list of authorized keys for a user on your smOS server. Notice that we no longer need to specify a username, IP address or port because we added them to the ssh config file.

ssh-copy-id smOS

If your client computer does not have the ‘ssh-copy-id’ command you can manually add your client computers public key to the smOS miner user authorized_keys file. Copy the output of this command.

cat ~/.ssh/id_rsa.pub

Log in to your smOS server replacing [my.smos.ip] with your ip (no brackets).

ssh miner@[my.smos.ip]

On your smOS server.

nano ~/.ssh/authorized_keys

Paste the public key that you copied from from your client machine to a new line. Exit and save.

Now you can log into your smOS server using the ssh keys and the shortcut that you set in the ssh config file.

ssh smOS

Change the miner and root user passwords.

sudo passwd miner

You will be asked for a new password and to confirm.

sudo passwd root

Your rig is now more secure and easier to access than it was before.

Sort:  

Congratulations @greerso! You have completed some achievement on Steemit and have been rewarded with new badge(s) :

Award for the number of upvotes

Click on any badge to view your own Board of Honor on SteemitBoard.
For more information about SteemitBoard, click here

If you no longer want to receive notifications, reply to this comment with the word STOP

Upvote this notification to help all Steemit users. Learn why here!