PiKVM SSH Hardening

Setting up my PiKVM this weekend. Got initial configs done and Tailscale set up. I had some trouble with adding my public SSH key to the PiKVM and wanted to record it here if anyone else was doing this.

rw
useradd USER_NAME
passwd USER_NAME

visudo /etc/sudoers
insert
USER_NAME   ALL=(ALL:ALL) ALL
ctrl+c
:wq

vi /etc/ssh/sshd_config
insert
PubkeyAuthentication yes
ctrl+c
:wq

ro
reboot

ssh USER_NAME@PIKVM_ADDRESS
sudo rw

Now in a new terminal use the ssh-copy-id command to copy your public key to the PiKVM. MAKE SURE THE FILESYSTEM ON THE PiKVM IS RW

Now go back to the terminal that is ssh’d into the PiKVM

cat ~/.ssh/authorized_keys
exit

Now try ssh’ing back into the PiKVM. It should now use your ssh key to authenticate. If everything is gtg then edit the /etc/ssh/sshd_config one more time.

sudo vi /etc/ssh/sshd_config
insert
PasswordAuthentication no
PermitRootLogin no
ctrl+c
:wq

ro
reboot

Make sure to set the file system back to read only and reboot. Now you have ssh over port 22 set to only authenticate via ssh keys and no root access.

Thanks for reading and if you find any improvements I can make please reply and I’ll make some edits.

4 Likes
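
An added check for the settings in the post above (example code, not part of the thread): sshd uses the first value it reads for a keyword, so where the new lines land in /etc/ssh/sshd_config matters. The function names `effective_value` and `audit_sshd` are hypothetical, the sample config is constructed, and the defaults used for unset keywords are assumed to be upstream OpenSSH's.

```shell
#!/bin/sh
# Added example (not from the thread): audit one sshd_config file for the three
# settings used above. sshd keeps the FIRST value it reads for a keyword, so a
# line inserted below an earlier conflicting one has no effect.
# Assumptions: single file (Include files and Match blocks are not evaluated;
# `sshd -T` does that on the host) and upstream OpenSSH defaults.

# effective_value FILE KEYWORD DEFAULT: print the first global value of KEYWORD
effective_value() {
    awk -v key="$2" -v def="$3" '
        BEGIN { key = tolower(key) }
        /^[ \t]*#/ || /^[ \t]*$/ { next }    # comments and blank lines
        tolower($1) == "match" { exit }      # global section ends here
        {
            line = $0
            sub(/^[ \t]+/, "", line)
            n = split(line, f, /[ \t=]+/)    # "Key value" or "Key=value"
            if (n >= 2 && tolower(f[1]) == key) { print f[2]; found = 1; exit }
        }
        END { if (!found) print def }
    ' "$1"
}

# audit_sshd FILE: report each setting, return 0 only if all are as expected
audit_sshd() {
    rc=0
    # KEYWORD:expected:default-when-unset
    for want in PubkeyAuthentication:yes:yes PasswordAuthentication:no:yes \
                PermitRootLogin:no:prohibit-password; do
        key=${want%%:*}; rest=${want#*:}
        expected=${rest%%:*}; default=${rest#*:}
        got=$(effective_value "$1" "$key" "$default")
        if [ "$got" = "$expected" ]; then
            echo "OK   $key $got"
        else
            echo "FAIL $key is '$got', expected '$expected'"; rc=1
        fi
    done
    return "$rc"
}

# Constructed sample: the hardening lines sit below a stock
# "PasswordAuthentication yes", so password logins are still accepted.
sample=$(mktemp)
trap 'rm -f "$sample"' EXIT
printf '%s\n' '#PermitRootLogin prohibit-password' 'PubkeyAuthentication yes' \
    'PasswordAuthentication yes' 'PasswordAuthentication no' \
    'PermitRootLogin no' > "$sample"
audit_sshd "$sample" || echo "sample is not hardened: fix the first match"
```

On the PiKVM itself, call `audit_sshd /etc/ssh/sshd_config` before closing the session that is already logged in.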

Good stuff! I had to manually create my non-root user’s home directory. You can automate this by instead running:

useradd --create-home USER_NAME

Also, at the end you don’t need to reboot to have your sshd config changes take effect. Instead, you can restart the service which will keep any existing SSH sessions alive:

sudo systemctl restart sshd

1 Like

Glad you got some use out of it and thanks for commenting on how to make it better!