SSH Hardening: Closing the Front Door

Modern DevSecOps (The Hard Way)

Securing Remote Access

Password-based authentication is a major vulnerability. We will enforce key-based authentication instead.

Steps:

  1. Generate a key pair: ssh-keygen -t ed25519 -C "devsecops-course"
  2. Modify /etc/ssh/sshd_config:
    • PermitRootLogin no
    • PasswordAuthentication no
    • Port 2222 (changes the default port)
  3. Restart the service: sudo systemctl restart ssh

Warning: Don't close your current session until you verify the new connection works!
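
A way to check that the edits from step 2 are actually in effect before relying on them. This is an added example, not part of the course material; the function names are hypothetical, it assumes whitespace-separated "Keyword value" lines, and it flags Include lines rather than following them.

```shell
#!/bin/sh
# Added example (not course code): audit an sshd_config for the step 2 settings.

# Print every value of KEYWORD from the global section, lowercased, in file order.
sshd_values() {  # usage: sshd_values KEYWORD FILE
  awk -v want="$(printf '%s' "$1" | tr '[:upper:]' '[:lower:]')" '
    /^[ \t]*(#|$)/  { next }                 # skip comments and blank lines
    { key = tolower($1) }                    # keywords are case-insensitive
    key == "match"  { exit }                 # later lines apply only conditionally
    key == want     { print tolower($2) }
  ' "$2"
}

# Return 0 only if all three settings from step 2 are in effect globally.
audit_sshd_config() {  # usage: audit_sshd_config FILE
  cfg=$1; rc=0
  # sshd keeps the first value it reads for these keywords; absent means default.
  for kw in PermitRootLogin PasswordAuthentication; do
    val=$(sshd_values "$kw" "$cfg" | head -n 1)
    [ "$val" = "no" ] || { echo "FAIL $kw is '${val:-unset, default applies}'"; rc=1; }
  done
  # Port may be given several times and sshd listens on every one of them.
  ports=$(sshd_values Port "$cfg" | sort -u | paste -s -d, -)
  [ "$ports" = "2222" ] || { echo "FAIL Port is '${ports:-unset, default 22}'"; rc=1; }
  [ -z "$(sshd_values Include "$cfg")" ] || echo "WARN Include present: audit those files too"
  return $rc
}

# Constructed sample: the second PasswordAuthentication line never takes effect.
sample=$(mktemp)
cat > "$sample" <<'EOF'
Port 2222
permitrootlogin no
PasswordAuthentication yes
PasswordAuthentication no
Match User backup
    PasswordAuthentication yes
EOF
audit_sshd_config "$sample" || echo "sample is not hardened as intended"
rm -f "$sample"
```

On a live host, sudo sshd -t checks the file for syntax errors before the restart in step 3, and sudo sshd -T prints the configuration sshd will actually use.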