Remove SSH Host Key Pairs:
If you plan to share an AMI derived from a public AMI, remove the existing SSH host key pairs located in /etc/ssh. This forces SSH to generate new unique SSH key pairs when someone launches an instance using your AMI, improving security and reducing the likelihood of "man-in-the-middle" attacks.
You can securely remove all of these files with the following command.
# shred -u /etc/ssh/*_key /etc/ssh/*_key.pub
Restart the sshd service:
# systemctl restart sshd.service
Switch to the root account:
# sudo su -
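A check to run after the removal step, added here as an example (it is not from the original post or the AWS guide): it lists anything still matching the two globs used above and fails if a key file remains. The function names and the constructed demo directory are assumptions. On a real instance, call `check_no_host_keys /etc/ssh` as root as the last step before creating the image, since any host key present at that moment, including one regenerated by an sshd restart, ends up in the AMI.

```shell
#!/bin/sh
# Added example: pre-image check that no SSH host keys remain.
# Function names and the demo directory are hypothetical, not from the AWS guide.

# Print every file in directory $1 matching the page's globs (*_key, *_key.pub).
list_host_keys() {
    dir=$1
    for f in "$dir"/*_key "$dir"/*_key.pub; do
        # An unmatched glob stays literal in POSIX sh; -e filters it out.
        [ -e "$f" ] && printf '%s\n' "$f"
    done
    return 0
}

# Succeed only if the directory (default /etc/ssh) holds no host key files.
check_no_host_keys() {
    dir=${1:-/etc/ssh}
    leftovers=$(list_host_keys "$dir")
    if [ -n "$leftovers" ]; then
        printf 'host keys still present in %s:\n%s\n' "$dir" "$leftovers" >&2
        return 1
    fi
    printf 'no host keys in %s, safe to image\n' "$dir"
}

# Demo on a constructed directory (not a real /etc/ssh), so it runs unprivileged.
demo() {
    d=$(mktemp -d) || return 1
    : > "$d/ssh_host_rsa_key"; : > "$d/ssh_host_rsa_key.pub"
    : > "$d/ssh_host_ed25519_key"; : > "$d/ssh_host_ed25519_key.pub"
    : > "$d/sshd_config"                      # config file, must not be reported
    before=$(list_host_keys "$d" | wc -l | tr -d ' ')
    rm -f "$d"/*_key "$d"/*_key.pub           # stand-in for the page's shred -u
    if check_no_host_keys "$d" >/dev/null; then after=clean; else after=dirty; fi
    rm -rf "$d"
    printf '%s %s\n' "$before" "$after"
}

demo
```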
Reference:
http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/building-shared-amis.html
Thursday, February 26, 2015