https://wiki.pessinurmi.com/index.php?action=history&feed=atom&title=SSH-HardenSSH-Harden - Revision history2026-06-06T11:56:44ZRevision history for this page on the wikiMediaWiki 1.45.3https://wiki.pessinurmi.com/index.php?title=SSH-Harden&diff=369&oldid=prevExf at 07:18, 17 October 20222022-10-17T07:18:43Z<p></p>
<table style="background-color: #fff; color: #202122;" data-mw="interface">
<col class="diff-marker" />
<col class="diff-content" />
<col class="diff-marker" />
<col class="diff-content" />
<tr class="diff-title" lang="en">
<td colspan="2" style="background-color: #fff; color: #202122; text-align: center;">← Older revision</td>
<td colspan="2" style="background-color: #fff; color: #202122; text-align: center;">Revision as of 07:18, 17 October 2022</td>
</tr><tr><td colspan="2" class="diff-lineno" id="mw-diff-left-l43">Line 43:</td>
<td colspan="2" class="diff-lineno">Line 43:</td></tr>
<tr><td class="diff-marker"></td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><div>*PermitRootLogin no</div></td><td class="diff-marker"></td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><div>*PermitRootLogin no</div></td></tr>
<tr><td class="diff-marker"></td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><br></td><td class="diff-marker"></td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><br></td></tr>
<tr><td class="diff-marker" data-marker="−"></td><td style="color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #ffe49c; vertical-align: top; white-space: pre-wrap;"><div>Then restart ssh <del style="font-weight: bold; text-decoration: none;">pavelu </del><code>sudo service ssh restart</code></div></td><td class="diff-marker" data-marker="+"></td><td style="color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #a3d3ff; vertical-align: top; white-space: pre-wrap;"><div>Then restart ssh <ins style="font-weight: bold; text-decoration: none;">service </ins><code>sudo service ssh restart</code></div></td></tr>
<tr><td class="diff-marker"></td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><br></td><td class="diff-marker"></td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><br></td></tr>
<tr><td class="diff-marker"></td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><div>You can then submit the task for evaluation.</div></td><td class="diff-marker"></td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><div>You can then submit the task for evaluation.</div></td></tr>
<!-- diff cache key my_wiki:diff:1.41:old-358:rev-369:php=table -->
</table>Exfhttps://wiki.pessinurmi.com/index.php?title=SSH-Harden&diff=358&oldid=prevExf at 15:17, 13 October 20222022-10-13T15:17:32Z<p></p>
<table style="background-color: #fff; color: #202122;" data-mw="interface">
<col class="diff-marker" />
<col class="diff-content" />
<col class="diff-marker" />
<col class="diff-content" />
<tr class="diff-title" lang="en">
<td colspan="2" style="background-color: #fff; color: #202122; text-align: center;">← Older revision</td>
<td colspan="2" style="background-color: #fff; color: #202122; text-align: center;">Revision as of 15:17, 13 October 2022</td>
</tr><tr><td colspan="2" class="diff-lineno" id="mw-diff-left-l1">Line 1:</td>
<td colspan="2" class="diff-lineno">Line 1:</td></tr>
<tr><td colspan="2" class="diff-side-deleted"></td><td class="diff-marker" data-marker="+"></td><td style="color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #a3d3ff; vertical-align: top; white-space: pre-wrap;"><div><ins style="font-weight: bold; text-decoration: none;">[[File:Ssh-Task.PNG|thumb|SSH Task]]</ins></div></td></tr>
<tr><td colspan="2" class="diff-side-deleted"></td><td class="diff-marker" data-marker="+"></td><td style="color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #a3d3ff; vertical-align: top; white-space: pre-wrap;"><div><ins style="font-weight: bold; text-decoration: none;">[[File:Ssh-wget.PNG|thumb|wget]]</ins></div></td></tr>
<tr><td colspan="2" class="diff-side-deleted"></td><td class="diff-marker" data-marker="+"></td><td style="color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #a3d3ff; vertical-align: top; white-space: pre-wrap;"><div><ins style="font-weight: bold; text-decoration: none;">[[File:Ssh-copy-id.PNG|thumb|ssh-copy-id]]</ins></div></td></tr>
<tr><td colspan="2" class="diff-side-deleted"></td><td class="diff-marker" data-marker="+"></td><td style="color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #a3d3ff; vertical-align: top; white-space: pre-wrap;"><div><ins style="font-weight: bold; text-decoration: none;">[[File:Chmod-and-connection.PNG|thumb|chmod and connecting without password]]</ins></div></td></tr>
<tr><td colspan="2" class="diff-side-deleted"></td><td class="diff-marker" data-marker="+"></td><td style="color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #a3d3ff; vertical-align: top; white-space: pre-wrap;"><div><ins style="font-weight: bold; text-decoration: none;">[[File:Sshd config.PNG|thumb|sshd_cofig]]</ins></div></td></tr>
<tr><td colspan="2" class="diff-side-deleted"></td><td class="diff-marker" data-marker="+"></td><td style="color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #a3d3ff; vertical-align: top; white-space: pre-wrap;"><div><ins style="font-weight: bold; text-decoration: none;"></ins></div></td></tr>
<tr><td class="diff-marker"></td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><div>===Description===</div></td><td class="diff-marker"></td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><div>===Description===</div></td></tr>
<tr><td class="diff-marker"></td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><div>During regular system audits, it was dicovered that one of the systems does not meet the organization security baseline.</div></td><td class="diff-marker"></td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><div>During regular system audits, it was dicovered that one of the systems does not meet the organization security baseline.</div></td></tr>
<!-- diff cache key my_wiki:diff:1.41:old-352:rev-358:php=table -->
</table>Exfhttps://wiki.pessinurmi.com/index.php?title=SSH-Harden&diff=352&oldid=prevExf: Created page with "===Description=== During regular system audits, it was dicovered that one of the systems does not meet the organization security baseline. Thereforce this system must be hardened. 200pts ===Question=== Harden the SSH configuration so that it meets the baseline. *Make sure that root login is disabled *Disable password authentication Add this [public key] so that the user: sysadmin is able to log in with their [private key] ===Solution=== To be on the safe side, I initi..."2022-10-13T15:13:05Z<p>Created page with "===Description=== During regular system audits, it was dicovered that one of the systems does not meet the organization security baseline. Thereforce this system must be hardened. 200pts ===Question=== Harden the SSH configuration so that it meets the baseline. *Make sure that root login is disabled *Disable password authentication Add this [public key] so that the user: sysadmin is able to log in with their [private key] ===Solution=== To be on the safe side, I initi..."</p>
<p><b>New page</b></p><div>===Description===<br />
During regular system audits, it was dicovered that one of the systems does not meet the organization security baseline.<br />
Thereforce this system must be hardened.<br />
<br />
200pts<br />
===Question===<br />
Harden the SSH configuration so that it meets the baseline.<br />
<br />
*Make sure that root login is disabled<br />
*Disable password authentication<br />
<br />
Add this [public key] so that the user: sysadmin is able to log in with their [private key]<br />
===Solution===<br />
To be on the safe side, I initially opened two ssh connections, because especially when you make changes to the ssh server settings, you can accidentally log yourself out of the whole server.<br />
<br />
Next, I downloaded both the private key and the public key to the .ssh folder on the local machine. Next, I used <code>ssh-copy-ip -i /root/.ssh/id_rsa.pub -p2224 sysadmin@env002.target02</code><br />
<br />
Before you can connect to the server you need to change the permissions on the private key. <code>chmod 600 id_rsa</code><br />
<br />
Next, you can try connecting to the server without a password with <code>ssh sysadmin@env002.target02 -p2224</code><br />
<br />
Once you have connected to the server you can start changing the ssh service settings. The first thing to do is to copy the original configuration file, so that the incorrectly configured settings can be restored if necessary.<br />
<br />
The server ssh configuration can be found at<code>/etc/ssh/sshd_config</code><br />
<br />
Next, you can try connecting to the server without a password with <code>ssh sysadmin@env002.target02 -p2224</code><br />
<br />
Once you have connected to the server you can start changing the ssh service settings. The first thing to do is to copy the original configuration file, so that the incorrectly configured settings can be restored if necessary.<br />
<br />
The server ssh configuration can be found at<code>/etc/ssh/sshd_config</code><br />
<br />
Make a copy of the file, then edit the sshd_config file.<br />
<br />
Add the following settings to the file<br />
*PasswordAuthentication no<br />
*UsePAM no<br />
*PermitRootLogin no<br />
<br />
Then restart ssh pavelu <code>sudo service ssh restart</code><br />
<br />
You can then submit the task for evaluation.<br />
===Tools===<br />
*ssh<br />
*nano<br />
*cp<br />
*ssh-copy-id<br />
===Flag===<br />
<br />
===Links===<br />
*[[CTF Challenges | Back to CTF Challenges page]]</div>Exf