5 October, 2020

Secure your SSH connection by disabling SSH password logins

Luigi Laezza

First off, having to remember a password for each of your clients' servers is quite daunting, so it might seem like a good idea to store your server passwords in a very secure spreadsheet file.

Well, that is not a great idea. Instead, you should secure access to your server with an ssh key. This also lets you forget about the password and log in straight from the command line.

So let’s start.

First of all, you will have to create a key, if you haven’t already (this is a Mac guide, but using PuTTY it is even easier).

  1. Open Terminal.
  2. Paste the text below, substituting in your GitHub email address.
     ssh-keygen -t rsa -b 4096 -C "your_email@example.com"
     This creates a new ssh key, using the provided email as a label.
     Generating public/private rsa key pair.
  3. When you’re prompted to “Enter a file in which to save the key,” press Enter. This accepts the default file location.
     Enter a file in which to save the key (/Users/you/.ssh/id_rsa): [Press enter]
  4. At the prompt, type a secure passphrase. For more information, see “Working with SSH key passphrases”.
     Enter passphrase (empty for no passphrase): [Type a passphrase]
     Enter same passphrase again: [Type passphrase again]

Now we need to connect to the server. We use DigitalOcean for our projects, which leaves us all the freedom we need.

You can insert your ssh key directly when creating a droplet, or connect to the server and add the public key to myuser:

ssh myuser@12.12.12.12

Enter your password and change the sshd_config file (I suggest also making a backup copy of the file):

nano /etc/ssh/sshd_config

Make sure it has the following settings, then restart the ssh server:

ChallengeResponseAuthentication no
PasswordAuthentication no
UsePAM no

sudo service ssh restart

Keeping your current session open, test in a new terminal window that password login is disabled:

ssh myuser@12.12.12.12
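
A check for the three sshd_config settings above, as an added example that is not part of the original post. The helper name audit_sshd_config is hypothetical, and treating an unset keyword as a finding is an assumption of this example.

```shell
#!/bin/sh
# Added example: audit_sshd_config is a hypothetical helper, not an OpenSSH tool.
# It checks that the three keywords from this guide are "no" in the global
# section of an sshd_config file. Rules it models:
#   - keywords are case-insensitive and may be written "Keyword=value"
#   - sshd keeps the FIRST value it reads for a keyword, later ones are ignored
#   - lines after "Match" are conditional, so they do not count as global
# Limitation: Include files are not followed (sshd -T prints the effective config).
audit_sshd_config() {
    awk '
    BEGIN {
        want["passwordauthentication"] = "PasswordAuthentication"
        want["challengeresponseauthentication"] = "ChallengeResponseAuthentication"
        want["usepam"] = "UsePAM"
    }
    NF == 0 || $1 ~ /^#/ { next }           # blank lines and comments
    { sub(/=/, " "); key = tolower($1); val = tolower($2) }
    key == "match" { exit }                 # stop at the first Match block
    (key in want) && !(key in seen) { seen[key] = val }
    END {
        bad = 0
        for (k in want) {
            if (!(k in seen)) {
                printf "%s: not set in global section\n", want[k]; bad = 1
            } else if (seen[k] != "no") {
                printf "%s: %s\n", want[k], seen[k]; bad = 1
            }
        }
        exit bad
    }' "$1"
}

# Usage: sh audit.sh /etc/ssh/sshd_config   (exit status 0 means all three are "no")
if [ "$#" -gt 0 ]; then
    audit_sshd_config "$1"
fi
```

Running it before the restart catches a "no" that is shadowed by an earlier "yes" or that sits only inside a Match block.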

Now we need to add our public key to the authorized_keys file.

First, on your local machine, copy the public key:

cat ~/.ssh/id_rsa.pub | pbcopy

Then head to the remote server and add it to the following file:

nano ~/.ssh/authorized_keys

Now let’s create an ssh config file to store all our connection info. Open it with nano ~/.ssh/config and insert the settings for your host:

Host myconnection
    HostName 12.12.12.12
    Port 22
    User myuser
    PreferredAuthentications publickey
    IdentityFile ~/.ssh/id_rsa

Now, from the terminal, we can run ssh myconnection to check that our setup works.