Hands-on lab – disabling root login and password authentication

For this lab, use the same server VM that you used for the previous lab. Let's get started:

  1. On either an Ubuntu or a CentOS server VM, look for this line in the sshd_config file:

#PasswordAuthentication yes

  2. Remove the comment symbol, change the parameter value to no, and restart the SSH daemon. The line should now look like this:

PasswordAuthentication no

Now, when the botnets scan your system, they'll see that doing a brute-force password attack would be useless. They'll then just go away and leave you alone.

  3. Look for either of these two lines, depending on whether the server is an Ubuntu or a CentOS VM:

#PermitRootLogin yes
#PermitRootLogin prohibit-password

Uncomment the line and change it to the following:

PermitRootLogin no

  4. Restart the SSH daemon so that it will read in the new changes. On Ubuntu, you can do this like so:

sudo systemctl restart ssh

On CentOS, you can do this like so:

sudo systemctl restart sshd

  5. Attempt to log into the server VM from the client that you used in the previous lab.
  6. Attempt to log into the server VM from another client on which you haven't created a key pair. (You shouldn't be able to.)
  7. As before, keep the server VM, because we'll do more with it in a bit.

You've reached the end of the lab – congratulations!
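
The check below is an added example, not code from the book: it reads an sshd_config-style file and reports whether the two settings changed in this lab are active, using sshd's rule that the first value read for a keyword wins. The function names and sample files are constructed for illustration; it assumes whitespace-separated keyword/value pairs and does not follow Include directives.

```shell
#!/bin/sh
# Added example: audit an sshd_config-style file for the two lab settings.
# sshd keywords are case-insensitive and the FIRST value read for a keyword wins.

# Print the first active (uncommented) value of keyword $2 in file $1.
# Parsing stops at the first Match block, whose settings are conditional.
effective_value() {
    awk -v key="$2" '
        BEGIN { key = tolower(key) }
        /^[ \t]*#/ || NF == 0 { next }      # skip comments and blank lines
        tolower($1) == "match" { exit }     # global section ends here
        tolower($1) == key { print tolower($2); exit }
    ' "$1"
}

# Return 0 only if both lab settings are explicitly "no" in file $1.
check_hardening() {
    status=0
    for key in PasswordAuthentication PermitRootLogin; do
        val=$(effective_value "$1" "$key")
        if [ "$val" = "no" ]; then
            echo "OK   $key no"
        else
            echo "FAIL $key ${val:-not set, compiled-in default applies}"
            status=1
        fi
    done
    return $status
}

# Constructed sample files (not taken from a real server).
SAMPLE_DIR=$(mktemp -d)
printf '%s\n' '#PasswordAuthentication yes' '#PermitRootLogin prohibit-password' \
    > "$SAMPLE_DIR/before.conf"
printf '%s\n' 'PasswordAuthentication no' 'PermitRootLogin no' \
    > "$SAMPLE_DIR/after.conf"
# An earlier "yes" shadows the later "no", so password logins stay enabled.
printf '%s\n' 'PasswordAuthentication yes' 'PermitRootLogin no' 'PasswordAuthentication no' \
    > "$SAMPLE_DIR/shadowed.conf"

for f in before after shadowed; do
    echo "== $f.conf"
    check_hardening "$SAMPLE_DIR/$f.conf" || true
done
```

On the lab VM, point `check_hardening` at /etc/ssh/sshd_config; `sudo sshd -T` prints the effective configuration, including any files pulled in by Include directives.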

Now that we've covered how to create a private/public key pair on the client side and how to transfer the public key to the server, let's talk about the types of algorithms that SSH uses. After that, we'll talk about how to disable some of the older, weaker algorithms.
