Securing your server using SSH keys is beneficial because it provides a safeguard against brute force attacks. SSH keys, or Secure Shell keys, offer a form of encryption that creates complex and lengthy passwords, making it much harder for someone to gain access to your system. Previously, we went over how to secure your server with SSH keys on a Windows client using PuTTYgen. Today, we will be going over the steps of securing your server by generating RSA keys using a Linux client. In the example below, we have used Ubuntu desktop. To find out how to install and configure your own SSH keys on a Linux desktop, read on!
Generate RSA Keys
1. Open your terminal, switch to root with sudo su, and type the following:
#ssh-keygen -t rsa
2. If you would like to maximize your security, you can also use 4096 bits as opposed to the default of 2048 by typing:
#ssh-keygen -t rsa -b 4096
After generating the RSA keys, both the public and private keys can be found in your ~/.ssh directory.
3. Similar to our previous RSA key post using a Windows client, we will be setting up permissions so that only the owner, such as yourself, can read, write, and execute:
#chmod 700 ~/.ssh
4. As in step 3, we will be changing the permissions, this time on the private key so that only the owner can read and write it:
#chmod 600 ~/.ssh/id_rsa
Implementing Public Key on your SSH Server
To copy and install our public key that we have just generated, we will be using ssh-copy-id. For this example, our CentOS server’s IP will be 1.1.1.1
1. Type the following to install and copy your public key to your SSH server and then enter your password once asked:
#ssh-copy-id -i ~/.ssh/id_rsa.pub root@1.1.1.1
2. And just like before, we will be setting up permissions for both ~/.ssh and ~/.ssh/authorized_keys on the server by typing in the following:
#chmod 700 ~/.ssh
#chmod 600 ~/.ssh/authorized_keys
Configure OpenSSH to Disable Passwords
1. To disable PasswordAuthentication, open your sshd_config file on the server:
#nano /etc/ssh/sshd_config
Find the PasswordAuthentication line, change its value to “no” as shown below, then save and exit.
PasswordAuthentication no
2. Type the following to restart OpenSSH:
#service sshd restart
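The edit in step 1 only takes effect if the uncommented PasswordAuthentication line is the first one sshd reads, because sshd uses the first value it finds for a keyword and ignores lines starting with #. The shell function below is an added example, not part of the original tutorial; effective_password_auth is a hypothetical helper name, the sample lines are constructed, and it assumes whitespace-separated keywords, no Include files, and only the global section before any Match block.

```shell
#!/bin/sh
# Added example (not from the original tutorial): report the effective
# global PasswordAuthentication value of an sshd_config-style file.

# effective_password_auth [FILE]
# Reads FILE, or standard input when no FILE is given, and prints "yes" or "no".
# Rules modelled here:
#   - commented and blank lines are ignored
#   - keywords are case-insensitive
#   - the first value found for a keyword wins, later duplicates are ignored
#   - if the keyword never appears, the OpenSSH default ("yes") applies
# Assumptions: Include files are not followed, and parsing stops at the
# first Match block, so only the global setting is reported.
effective_password_auth() {
    awk '
        /^[ \t]*#/ || /^[ \t]*$/ { next }      # comment or blank line
        tolower($1) == "match"   { exit }      # end of the global section
        tolower($1) == "passwordauthentication" {
            print tolower($2); found = 1; exit # first value wins
        }
        END { if (!found) print "yes" }        # default when not set
    ' "$@"
}

# Constructed sample inputs showing the common ways the change is silently lost.

# 1. The "no" line is still commented out, so the default applies.
printf '%s\n' '#PasswordAuthentication no' 'PermitRootLogin yes' |
    effective_password_auth

# 2. "no" was appended at the end, but an earlier "yes" is read first.
printf '%s\n' 'PasswordAuthentication yes' 'UsePAM yes' 'PasswordAuthentication no' |
    effective_password_auth

# 3. A correctly edited file.
printf '%s\n' '#PasswordAuthentication yes' 'PasswordAuthentication no' |
    effective_password_auth
```

On the server itself, sshd -t checks the file for syntax errors before you restart, and sshd -T prints the configuration sshd will actually use.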
Connect Server through Linux Desktop
1. If you have followed the instructions with success, you should now be able to SSH to your server without being prompted for a password:
#ssh root@1.1.1.1
That’s it! If you have any questions about securing your server with SSH Keys using a Windows or Linux client, feel free to ask us below.