Blog Post Image
5 October, 2020

Secure your SSH connection disabling SSH password logins

Icon

Luigi Laezza

Icon

4 minutes

Web Development

 
Managing multiple client servers can be overwhelming, especially when remembering different passwords. While storing them in a secure spreadsheet might seem like a good idea, it’s actually a security risk. Instead, the best way to secure your server access is by using SSH keys
 
SSH keys not only eliminate the need for passwords but also provide a more secure and efficient way to connect to your server. In this guide, we’ll walk you through the step-by-step process of setting up SSH authentication on a Mac (Windows users can use PuTTY for an even easier setup). 

So let’s start.

First of all, you will have to create a key , if you haven’t already (this is a MAC guide, but using putty it is even easier).

  1. Open Terminal.
  2. Paste the text below, substituting in your GitHub email address.
  3. ssh-keygen -t rsa -b 4096 -C "your_email@example.com"
  4. This creates a new ssh key, using the provided email as a label.
  5. Generating public/private rsa key pair.
  6. When you’re prompted to “Enter a file in which to save the key,” press Enter. This accepts the default file location.
  7. Enter a file in which to save the key (/Users/you/.ssh/id_rsa): [Press enter]
  8. At the prompt, type a secure passphrase. For more information, see “Working with SSH key passphrases”.
  9. Enter passphrase (empty for no passphrase): [Type a passphrase]
    Enter same passphrase again: [Type passphrase again]

Now we need to connect to the server , we use DigitalOcean for our projects, which leaves us all the freedom we need for our projects.

You can insert your ssh key directly when creating a droplet, or connect to the server and add the public key to myuser:

ssh myuser@12.12.12.12

Insert your password and change the sshd_config file (i suggest also copy a backup of the file):

nano /etc/ssh/sshd_config

and make sure to have the following settings and restart the ssh server.:

ChallengeResponseAuthentication no
PasswordAuthentication no
UsePAM no

sudo service ssh restart

Test in a new terminal windows that the password login is disabled:

ssh myuser@12.12.12.12

Now we need to add our public key to the authorized_keys file

First, on your local machine, copy the public key:

cat ~/.ssh/id_rsa.pub | pbcopy

and head to the remote server and add it into the following file:

nano ~/.ssh/authorized_keys

Now let’s create an ssh config file to store all our connection info nano ~/.ssh/config and insert the setting for your host:

Host myconncection
HostName 12.12.12.12
port 22
User myuser
PreferredAuthentications publickey
IdentityFile ~/.ssh/id_rsa

 
 
By setting up SSH key authentication, you improve security, efficiency, and ease of access when managing multiple servers. Whether you’re using DigitalOcean, AWS, or any VPS provider, this method ensures a secure, password-free connection to your servers.