Blog Post Image
5 October, 2020

Secure your SSH connection disabling SSH password logins

Icon

Luigi Laezza

Web Development

First off, having to remember a password for each of your client's server it is quite daunting, so it might seem a good idea to store the password to your server access in a very secure spreadsheet file.

Well, that is not a great idea, instead, you should secure the access to your server using an ssh key, this also will allow you to forget about a password and gaining access straight with a command line.

So let’s start.

First of all, you will have to create a key , if you haven’t already (this is a MAC guide, but using putty it is even easier).

  1. Open Terminal.
  2. Paste the text below, substituting in your GitHub email address.
  3. ssh-keygen -t rsa -b 4096 -C "your_email@example.com"
  4. This creates a new ssh key, using the provided email as a label.
  5. Generating public/private rsa key pair.
  6. When you’re prompted to “Enter a file in which to save the key,” press Enter. This accepts the default file location.
  7. Enter a file in which to save the key (/Users/you/.ssh/id_rsa): [Press enter]
  8. At the prompt, type a secure passphrase. For more information, see “Working with SSH key passphrases”.
  9. Enter passphrase (empty for no passphrase): [Type a passphrase]
    Enter same passphrase again: [Type passphrase again]

Now we need to connect to the server , we use DigitalOcean for our projects, which leaves us all the freedom we need for our projects.

You can insert your ssh key directly when creating a droplet, or connect to the server and add the public key to myuser:

ssh myuser@12.12.12.12

Insert your password and change the sshd_config file (i suggest also copy a backup of the file):

nano /etc/ssh/sshd_config

and make sure to have the following settings and restart the ssh server.:

ChallengeResponseAuthentication no
PasswordAuthentication no
UsePAM no

sudo service ssh restart

Test in a new terminal windows that the password login is disabled:

ssh myuser@12.12.12.12

Now we need to add our public key to the authorized_keys file

First, on your local machine, copy the public key:

cat ~/.ssh/id_rsa.pub | pbcopy

and head to the remote server and add it into the following file:

nano ~/.ssh/authorized_keys

Now let’s create an ssh config file to store all our connection info nano ~/.ssh/config and insert the setting for your host:

Host myconncection
HostName 12.12.12.12
port 22
User myuser
PreferredAuthentications publickey
IdentityFile ~/.ssh/id_rsa

 

Now using terminal we could use ssh myconnection we can check if our setup works.