{"id":2111,"date":"2022-12-07T14:47:11","date_gmt":"2022-12-07T22:47:11","guid":{"rendered":"https:\/\/jetstreamsoft.com\/portal\/?post_type=ht_kb&#038;p=2111"},"modified":"2024-12-12T15:14:46","modified_gmt":"2024-12-12T23:14:46","slug":"ssh_security","status":"publish","type":"ht_kb","link":"https:\/\/jetstreamsoft.com\/portal\/jetstream-knowledge-base\/ssh_security\/","title":{"rendered":"SSH Security"},"content":{"rendered":"\n<p class=\"is-style-info wp-block-ht-blocks-messages wp-block-hb-message wp-block-hb-message--withicon\">This article applies to all product versions.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">Setting SSH<\/h2>\n\n\n\n<p class=\"\">When deploying the JetStream DR MSA, a public key can be set to govern access to the system. If it is not provided, the system will allow password-based SSH access, which may be considered a security issue.<\/p>\n\n\n\n<p class=\"is-style-alert wp-block-ht-blocks-messages wp-block-hb-message wp-block-hb-message--withicon\"><strong>Note<\/strong>: An option is provided to disable SSH access and prevent it from being used to log into the management server.<\/p>\n\n\n\n<ol class=\"wp-block-list\">\n<li class=\"\">To toggle password-based SSH access for users to log in to the MSA:\n<ul class=\"wp-block-list\">\n<li class=\"\">Edit the file&nbsp;<kbd><strong>\/etc\/ssh\/sshd_config<\/strong><\/kbd>.<\/li>\n\n\n\n<li class=\"\">Set the&nbsp;<em>PasswordAuthentication<\/em>&nbsp;option to \u201cyes\u201d or \u201cno\u201d<\/li>\n\n\n\n<li class=\"\">Restart the sshd service using the command:&nbsp;<code>service sshd restart<\/code>.<\/li>\n<\/ul>\n<\/li>\n\n\n\n<li class=\"\">Additional SSH public keys can be manually appended to the file&nbsp;<strong><kbd>\/root\/.ssh\/authorized_keys<\/kbd><\/strong>&nbsp;or added by using the script&nbsp;<strong><kbd>ssh-copy-id<\/kbd><\/strong>.<\/li>\n\n\n\n<li class=\"\">If the directory or the file does not already exist, either can be manually created using the following commands:<br><br><code>mkdir \/root\/.ssh<br>echo \u201c\u201d &gt;&gt; \/root\/.ssh\/authorized_keys<br>chmod 600 \/root\/.ash\/authorized_keys<br>chmod 700 \/root\/.ssh\/<br><br>External references:<br>man sshd_config \u2013 https:\/\/man7.org\/linux\/man-pages\/man5\/sshd_config.5.html<br>man ssh-copy-id \u2013 https:\/\/www.unix.com\/man-page\/linux\/1\/SSH-COPY-ID\/<br>man sshd \u2013 https:\/\/man7.org\/linux\/man-pages\/man8\/sshd.8.html<\/code><\/li>\n<\/ol>\n\n\n\n<p class=\"is-style-info wp-block-ht-blocks-messages wp-block-hb-message wp-block-hb-message--withicon\"><strong>Note<\/strong>: The directory must have access mode 700. The file must have access mode 600.<\/p>\n\n\n\n<p class=\"is-style-alert wp-block-ht-blocks-messages wp-block-hb-message wp-block-hb-message--withicon\">If you need assistance managing SSH on the MSA, <a href=\"https:\/\/jetstreamsoft.com\/portal\/jetstream-knowledge-base\/contacting-jetstream-software\/\" data-type=\"ht_kb\" data-id=\"2733\">contact JetStream Support<\/a>.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Setting SSH When deploying the JetStream DR MSA, a public key can be set to govern access to the system. If it is not provided, the system will allow password-based SSH access, which may be considered a security issue.<\/p>\n","protected":false},"author":1,"comment_status":"open","ping_status":"closed","template":"","format":"standard","meta":{"nf_dc_page":"","footnotes":""},"ht-kb-category":[245],"ht-kb-tag":[227],"class_list":["post-2111","ht_kb","type-ht_kb","status-publish","format-standard","hentry","ht_kb_category-how-to","ht_kb_tag-network-connectivity"],"_links":{"self":[{"href":"https:\/\/jetstreamsoft.com\/portal\/wp-json\/wp\/v2\/ht-kb\/2111","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/jetstreamsoft.com\/portal\/wp-json\/wp\/v2\/ht-kb"}],"about":[{"href":"https:\/\/jetstreamsoft.com\/portal\/wp-json\/wp\/v2\/types\/ht_kb"}],"author":[{"embeddable":true,"href":"https:\/\/jetstreamsoft.com\/portal\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/jetstreamsoft.com\/portal\/wp-json\/wp\/v2\/comments?post=2111"}],"version-history":[{"count":1,"href":"https:\/\/jetstreamsoft.com\/portal\/wp-json\/wp\/v2\/ht-kb\/2111\/revisions"}],"predecessor-version":[{"id":5019,"href":"https:\/\/jetstreamsoft.com\/portal\/wp-json\/wp\/v2\/ht-kb\/2111\/revisions\/5019"}],"wp:attachment":[{"href":"https:\/\/jetstreamsoft.com\/portal\/wp-json\/wp\/v2\/media?parent=2111"}],"wp:term":[{"taxonomy":"ht_kb_category","embeddable":true,"href":"https:\/\/jetstreamsoft.com\/portal\/wp-json\/wp\/v2\/ht-kb-category?post=2111"},{"taxonomy":"ht_kb_tag","embeddable":true,"href":"https:\/\/jetstreamsoft.com\/portal\/wp-json\/wp\/v2\/ht-kb-tag?post=2111"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}