Difference between revisions of "SSH key-based authentication"
From rdkwiki
m |
|||
| Line 5: | Line 5: | ||
* '''ssh-keygen -t rsa''' --> generate the private/public key (it will ask for a location and a passphrase (optional) ) | * '''ssh-keygen -t rsa''' --> generate the private/public key (it will ask for a location and a passphrase (optional) ) | ||
| − | by default it will generate two files in the folder ~/.ssh: | + | by default it will generate two files in the folder ~/.ssh/: |
| − | '''id_rsa''' with private key | + | '''id_rsa''' with private key |
| − | '''id_rsa.pub''' with the public key | + | '''id_rsa.pub''' with the public key |
== Publishing the public key for access == | == Publishing the public key for access == | ||
Revision as of 18:33, 30 October 2016
Contents
Intro
The steps below will secure the SSH access of your server with key-based authentication assuming you are logged on as the user that you want to allow access.
Generate the private and public key
- ssh-keygen -t rsa --> generate the private/public key (it will ask for a location and a passphrase (optional) )
by default it will generate two files in the folder ~/.ssh/:
id_rsa with private key id_rsa.pub with the public key
Publishing the public key for access
- cd ~/.ssh --> goto folder containing the generated keys
- cat id_rsa.pub --> copy public key from screen!
- sudo nano ~/.ssh/authorized_keys --> paste the public key and safe the file.
- copy the private key from id_rsa to your local system and keep it safe! (For Putty access it might be needed to convert with puttygen.exe to make the file compatible)
Securing SSH (after public/private key implementation)
- sudo nano /etc/ssh/sshd_config
change/uncomment: PermitRootLogin no --> (optional) this will disallow 'root' to login with SSH. change/uncomment: PasswordAuthentication no --> this will force key-authentication
- sudo systemctl restart sshd --> restart SSH with new configuration
