Difference between revisions of "SSH key-based authentication"
From rdkwiki
m |
|||
| (3 intermediate revisions by the same user not shown) | |||
| Line 5: | Line 5: | ||
* '''ssh-keygen -t rsa''' --> generate the private/public key (it will ask for a location and a passphrase (optional) ) | * '''ssh-keygen -t rsa''' --> generate the private/public key (it will ask for a location and a passphrase (optional) ) | ||
| − | by default it will generate two files in the folder ~/.ssh/: | + | by default it will generate two files in the folder '''~/.ssh/''': |
| − | + | : '''id_rsa''' with private key | |
| − | + | : '''id_rsa.pub''' with the public key | |
== Publishing the public key for access == | == Publishing the public key for access == | ||
* '''cd ~/.ssh''' --> goto folder containing the generated keys | * '''cd ~/.ssh''' --> goto folder containing the generated keys | ||
* '''cat id_rsa.pub''' --> copy public key from screen! | * '''cat id_rsa.pub''' --> copy public key from screen! | ||
| − | * ''' | + | * '''nano ~/.ssh/authorized_keys''' --> paste the public key and safe the file. |
* copy the private key from '''id_rsa''' to your local system and keep it safe! (For Putty access it might be needed to convert with puttygen.exe to make the file compatible) | * copy the private key from '''id_rsa''' to your local system and keep it safe! (For Putty access it might be needed to convert with puttygen.exe to make the file compatible) | ||
== Securing SSH (after public/private key implementation) == | == Securing SSH (after public/private key implementation) == | ||
| − | * ''' | + | * '''nano /etc/ssh/sshd_config''' |
change/uncomment: '''PermitRootLogin no''' --> (optional) this will disallow 'root' to login with SSH. | change/uncomment: '''PermitRootLogin no''' --> (optional) this will disallow 'root' to login with SSH. | ||
change/uncomment: '''PasswordAuthentication no''' --> this will force key-authentication | change/uncomment: '''PasswordAuthentication no''' --> this will force key-authentication | ||
| − | * ''' | + | * '''systemctl restart sshd''' --> restart SSH with new configuration |
Latest revision as of 08:05, 31 October 2016
Contents
Intro
The steps below will secure the SSH access of your server with key-based authentication assuming you are logged on as the user that you want to allow access.
Generate the private and public key
- ssh-keygen -t rsa --> generate the private/public key (it will ask for a location and a passphrase (optional) )
by default it will generate two files in the folder ~/.ssh/:
- id_rsa with private key
- id_rsa.pub with the public key
Publishing the public key for access
- cd ~/.ssh --> goto folder containing the generated keys
- cat id_rsa.pub --> copy public key from screen!
- nano ~/.ssh/authorized_keys --> paste the public key and safe the file.
- copy the private key from id_rsa to your local system and keep it safe! (For Putty access it might be needed to convert with puttygen.exe to make the file compatible)
Securing SSH (after public/private key implementation)
- nano /etc/ssh/sshd_config
change/uncomment: PermitRootLogin no --> (optional) this will disallow 'root' to login with SSH. change/uncomment: PasswordAuthentication no --> this will force key-authentication
- systemctl restart sshd --> restart SSH with new configuration
