Quick SSH Public Key Authentication Howto


A quick guide to enabling and using SSH public key authentication instead of password authentication, to add a little more security to your server. Key generation is not covered here. It should be easy enough on Windows with puttygen, and Linux already has tools on board for it.



1. Create the .ssh folder

Terminal

mkdir ~/.ssh



2. Creating the authorized_keys file and adding all keys

Terminal

nano ~/.ssh/authorized_keys


Nano will open a new buffer named authorized_keys. Paste all your public keys in the OpenSSH-RSA format (one key per line). After you've pasted all your keys, save the file with CTRL + O and then ENTER. Close nano with CTRL + X.

You're not really forced to use Nano. Use whatever you want. Vi is perfect, too.


3. Setting the correct permissions

Terminal

chmod 600 ~/.ssh/authorized_keys; chmod go-w ~/.ssh


Steps one to three have to be done for every single Linux system user account that should be able to log in to the system. If you don't do this for the other accounts, they won't be able to log in, because password authentication is disabled and their public key is not on the server in their home directory.


4. Configure SSHD

Terminal

nano /etc/ssh/sshd_config


Find and uncomment "RSAAuthentication yes" and "PubkeyAuthentication yes" by removing the # in front of each. If they are already uncommented but set to no, set them to yes. To disable password authentication, find "PasswordAuthentication yes" and set it to no. If it is commented out, uncomment it by removing the # in front of it and set it to no.

Save the file and restart your SSHD service.



That's everything already. Four quick steps that make your server a little more secure.
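
A pre-restart check for steps 1 to 4, added here as an example and not part of the original post: it confirms that an account's authorized_keys file and permissions are in place before password logins are switched off, so the restart does not lock that account out. The function names and the sample account path are assumptions of this example.

```shell
#!/bin/sh
# Added example; function names are assumptions, not part of the original howto.

# Print the global value of keyword $2 in sshd config file $1 (lowercased).
# sshd uses the first occurrence of a keyword; commented lines do not count.
# Parsing stops at the first Match block; Include files are not followed.
first_setting() {
    awk -v key="$2" '
        /^[ \t]*#/                  { next }
        tolower($1) == "match"      { exit }
        tolower($1) == tolower(key) { print tolower($2); exit }
    ' "$1"
}

# Return 0 if directory $1 (a user's ~/.ssh) is ready for key login:
# authorized_keys holds at least one key line, and neither the directory
# nor the file is writable by group or others (step 3).
check_ssh_dir() {
    sshdir=$1
    keys=$sshdir/authorized_keys
    [ -d "$sshdir" ] || { echo "missing directory: $sshdir"; return 1; }
    grep -Eq '^[^#]*(ssh-(rsa|ed25519)|ecdsa-sha2-)' "$keys" 2>/dev/null ||
        { echo "no public key lines in $keys"; return 1; }
    for p in "$sshdir" "$keys"; do
        # -prune keeps find on the named path; -perm -020 / -002 = group / other write
        if [ -n "$(find "$p" -prune \( -perm -020 -o -perm -002 \) -print)" ]; then
            echo "writable by group or others: $p"; return 1
        fi
    done
    return 0
}

# Return 0 if restarting sshd with config $1 leaves key login usable for ~/.ssh dir $2.
# RSAAuthentication is not checked: it applied to SSH protocol 1 only.
safe_to_restart() {
    if [ "$(first_setting "$1" PubkeyAuthentication)" = "no" ]; then
        echo "PubkeyAuthentication is set to no"; return 1
    fi
    check_ssh_dir "$2" || return 1
    [ "$(first_setting "$1" PasswordAuthentication)" = "no" ] ||
        echo "note: PasswordAuthentication is not set to no"
    return 0
}

# Usage (as root, once per account), then syntax-check the config with: sshd -t
#   safe_to_restart /etc/ssh/sshd_config /home/alice/.ssh   # alice is a placeholder
```

Run it while you still have a working session open, and keep that session until a second login with the key has succeeded.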



