Secure your SSH connection by disabling SSH password logins

First off, having to remember a password for each of your clients' servers is quite daunting, so it might seem a good idea to store the passwords for your server access in a very secure spreadsheet file.

Well, that is not a great idea. Instead, you should secure access to your server with an SSH key; this also lets you forget about the password and gain access straight from the command line.

So let’s start.

First of all, you will have to create a key, if you haven’t already (this is a Mac guide, but using PuTTY it is even easier).

  1. Open Terminal.
  2. Paste the text below, substituting in your GitHub email address.
    ssh-keygen -t rsa -b 4096 -C "your_email@example.com"
    

    This creates a new ssh key, using the provided email as a label.

    Generating public/private rsa key pair.
    
  3. When you’re prompted to “Enter a file in which to save the key,” press Enter. This accepts the default file location.
    Enter a file in which to save the key (/Users/you/.ssh/id_rsa): [Press enter]
    
  4. At the prompt, type a secure passphrase. For more information, see “Working with SSH key passphrases”.
    Enter passphrase (empty for no passphrase): [Type a passphrase]
    Enter same passphrase again: [Type passphrase again]

 

Now we need to connect to the server to add our public key to myuser:

ssh myuser@12.12.12.12

Enter your password and edit the sshd_config file (I also suggest making a backup copy of the file first):

nano /etc/ssh/sshd_config

Make sure the following settings are present, then restart the ssh server:


ChallengeResponseAuthentication no
PasswordAuthentication no
UsePAM no

sudo service ssh restart

Test in a new terminal window (leave the current session open, since the next steps still need it) that password login is disabled:

ssh myuser@12.12.12.12
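
To confirm the edit before restarting, this added example (not from the original post) checks an sshd_config file for the three settings above, using sshd's rule that the first value read for a keyword wins. The function name and the sample file are constructed for illustration, and Include files are not followed.

```shell
# check_sshd_config FILE: returns 0 only if all three directives are "no".
check_sshd_config() {
    file=$1
    status=0
    for key in ChallengeResponseAuthentication PasswordAuthentication UsePAM; do
        # sshd uses the first value it reads for a keyword, keywords are
        # case-insensitive, and global settings end at the first Match block.
        value=$(awk -F'[ \t=]+' -v want="$key" '
            { sub(/^[ \t]+/, "") }
            /^#/ || NF == 0 { next }
            tolower($1) == "match" { exit }
            tolower($1) == tolower(want) { print tolower($2); exit }
        ' "$file")
        if [ "$value" = "no" ]; then
            echo "OK    $key no"
        else
            echo "FAIL  $key ${value:-not set}"
            status=1
        fi
    done
    return "$status"
}

# Constructed sample: the commented default and the trailing duplicate line
# look alarming, but the first active PasswordAuthentication value is "no".
sample=$(mktemp)
cat > "$sample" <<'EOF'
#PasswordAuthentication yes
ChallengeResponseAuthentication no
passwordauthentication no
UsePAM no
PasswordAuthentication yes
EOF
check_sshd_config "$sample" && echo "password logins are disabled"
rm -f "$sample"
```

On the server, run it as check_sshd_config /etc/ssh/sshd_config; sudo sshd -t additionally validates the file's syntax before the restart.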

Now we need to add our public key to the authorized_keys file.

First, on your local machine, copy the public key:

cat ~/.ssh/id_rsa.pub | pbcopy

Then head to the remote server and paste it into the following file:

nano ~/.ssh/authorized_keys

Now let’s create an ssh config file to store all our connection info. Open it with nano ~/.ssh/config and insert the settings for your host:

Host myconnection
HostName 12.12.12.12
port 22
User myuser
PreferredAuthentications publickey
IdentityFile ~/.ssh/id_rsa

 

Now, in Terminal, we can run ssh myconnection to check that our setup works.

 

Secure your ssh connection disabling ssh password logins 2017-02-15T10:32:44+00:00 Soipo
