Secure your ssh connection disabling ssh password logins

First off, having to remember a password for each of your clients server it is quite daunting, so it might seem a good idea to store the password to your server access in a very secure spreadsheet file.

Well that is not a great idea, in stead you should secure the access to your server using an ssh key, this also will allow you to forget about a password and gaining access straight with a command line.

So let’s start.

First of all you will have to create a key , if you haven’t already (this is a MAC guide, but using putty it is even easier).

  1. Open Terminal.
  2. Paste the text below, substituting in your GitHub email address.
    ssh-keygen -t rsa -b 4096 -C "your_email@example.com"
    

    This creates a new ssh key, using the provided email as a label.

    Generating public/private rsa key pair.
    
  3. When you’re prompted to “Enter a file in which to save the key,” press Enter. This accepts the default file location.
    Enter a file in which to save the key (/Users/you/.ssh/id_rsa): [Press enter]
    
  4. At the prompt, type a secure passphrase. For more information, see “Working with SSH key passphrases”.
    Enter passphrase (empty for no passphrase): [Type a passphrase]
    Enter same passphrase again: [Type passphrase again]

Now we need to connect to the server , we use DigitalOcean for our projects, which leaves us all the freedom we need for our projects.

You can insert your ssh key directly when creating a droplet, or connect to the server and add the public key to myuser:

ssh myuser@12.12.12.12

Insert your password and change the sshd_config file (i suggest also copy a backup of the file):

nano /etc/ssh/sshd_config

and make sure to have the following settings and restart the ssh server.:


ChallengeResponseAuthentication no
PasswordAuthentication no
UsePAM no

sudo service ssh restart

Test in a new terminal windows that the password login is disabled:

ssh myuser@12.12.12.12

Now we need to add our public key to the authorized_keys file

First on your local machine, copy the public key:

cat ~/.ssh/id_rsa.pub | pbcopy

and head to the remote server and add it into the following file:

nano ~/.ssh/authorized_keys

Now let’s create an ssh config file to store all our connection info nano ~/.ssh/config and insert the setting for your host:

Host myconncection
HostName 12.12.12.12
port 22
User myuser
PreferredAuthentications publickey
IdentityFile ~/.ssh/id_rsa

 

Now using terminal we could use ssh myconnection we can check if our setup works.

 

Secure your ssh connection disabling ssh password logins 2017-02-15T10:32:44+00:00 Soipo

Comments are closed.

Privacy Preference Center

gdpr

We track users consent by creating a cookie and storing their preferences there.

soiposervices.com

_ga

Used to distinguish users.

soiposervices.com

_gat

Used to throttle request rate. If Google Analytics is deployed via Google Tag Manager, this cookie will be named _dc_gtm_.

soiposervices.com

_gid

Used to distinguish users.

soiposervices.com

lang

Used to understand the locale used by the user and present the right content.

cdn.syndication.twimg.com
Used to understand the locale used by the user and present the right content.

tk_lr

Collection of internal metrics for user activity, used to improve user experience.

soiposervices.com

tk_or

Collection of internal metrics for user activity, used to improve user experience.

soiposervices.com

tk_r3d

Collection of internal metrics for user activity, used to improve user experience.

soiposervices.com

NID

Used to distinguish users.

google.com
Used to distinguish users.

Close your account?

Your account will be closed and all data will be permanently deleted and cannot be recovered. Are you sure?

%d bloggers like this: