I’ve taken a bold step: I’ve enabled SSH back to my home computer.
For OPSEC, I’ve disabled all authentication methods except Public Key, with the hope that I can have a secure, reliable, SFTP connection my home machine from anywhere.
To make this change:
- I added my public key to
~/.ssh/authorized_keys
- You can run this command:
ssh-copy-id -i ~/id_rsa.pub username@ip.add.ress.here
- …or just copy
~/.ssh/id_rsa.pub
into ~/.ssh/authorized_keys/
- I enabled Remote Login in System Preferences
- To disable password-based authentication, I edited
/etc/ssh/sshd_config
with these changes:
ChallengeResponseAuthentication no
PasswordAuthentication no
UsePAM no
1
That tutorial also recommends setting KbdInteractiveAuthentication no
, but according to ssh.com:
Specified whether keyboard-interactive authentication is allowed. By default, the value of ChallengeResponseAuthentication
is used.
Since it takes the value of ChallengeResponseAuthentication
by default, I haven’t specified a value for KbdInteractiveAuthentication
.
After making these changes, it’s important to restart ssh
:
sudo launchctl stop com.openssh.sshd
If it looks like I’ve done something foolish, please let me know!