Secure your SSH connection disabling SSH password logins
First off, having to remember a password for each of your client's server it is quite daunting, so it might seem a good idea to store the password to your server access in a very secure spreadsheet file.
Well, that is not a great idea, instead, you should secure the access to your server using an ssh key, this also will allow you to forget about a password and gaining access straight with a command line.
So let’s start.
First of all, you will have to create a key , if you haven’t already (this is a MAC guide, but using putty it is even easier).
- Open Terminal.
- Paste the text below, substituting in your GitHub email address.
ssh-keygen -t rsa -b 4096 -C "your_email@example.com"
- This creates a new ssh key, using the provided email as a label.
Generating public/private rsa key pair.
- When you’re prompted to “Enter a file in which to save the key,” press Enter. This accepts the default file location.
Enter a file in which to save the key (/Users/you/.ssh/id_rsa): [Press enter]
- At the prompt, type a secure passphrase. For more information, see “Working with SSH key passphrases”.
Enter passphrase (empty for no passphrase): [Type a passphrase] Enter same passphrase again: [Type passphrase again]
Now we need to connect to the server , we use DigitalOcean for our projects, which leaves us all the freedom we need for our projects.
You can insert your ssh key directly when creating a droplet, or connect to the server and add the public key to myuser:
ssh myuser@12.12.12.12
Insert your password and change the sshd_config file (i suggest also copy a backup of the file):
nano /etc/ssh/sshd_config
and make sure to have the following settings and restart the ssh server.:
ChallengeResponseAuthentication no PasswordAuthentication no UsePAM no sudo service ssh restart
Test in a new terminal windows that the password login is disabled:
ssh myuser@12.12.12.12
Now we need to add our public key to the authorized_keys file
First, on your local machine, copy the public key:
cat ~/.ssh/id_rsa.pub | pbcopy
and head to the remote server and add it into the following file:
nano ~/.ssh/authorized_keys
Now let’s create an ssh config file to store all our connection info nano ~/.ssh/config and insert the setting for your host:
Host myconncection
HostName 12.12.12.12
port 22
User myuser
PreferredAuthentications publickey
IdentityFile ~/.ssh/id_rsa
HostName 12.12.12.12
port 22
User myuser
PreferredAuthentications publickey
IdentityFile ~/.ssh/id_rsa
Now using terminal we could use ssh myconnection we can check if our setup works.