SSH: Difference between revisions

From SWKLS WIKI
Jump to navigation Jump to search
(Created page with "SSH Key Setup Key Authentication with PuTTY Server-side Begin with generating proper folder permissions for .ssh Make sure you're under the proper user before entering code...")
 
No edit summary
 
Line 1: Line 1:
SSH Key Setup
==SSH Key Setup==
Key Authentication with PuTTY
===Key Authentication with PuTTY===
Server-side
====Server-side====
Begin with generating proper folder permissions for .ssh
* Begin with generating proper folder permissions for .ssh
* Make sure you're under the proper user before entering code
<syntaxhighlight lang="bash">
ssh-keygen
</syntaxhighlight>


Make sure you're under the proper user before entering code
ssh-keygen
Accept defaults for all prompts: [enter]
Accept defaults for all prompts: [enter]


Now create an authorized keys file under the .ssh folder created, and set permissions
Now create an authorized keys file under the .ssh folder created, and set permissions
 
<syntaxhighlight lang="bash">
touch /home/<username>/.ssh/authorized_keys
touch /home/<username>/.ssh/authorized_keys
chmod 600 /home/<username>/.ssh/authorized_keys
chmod 600 /home/<username>/.ssh/authorized_keys
PuttyGen
</syntaxhighlight>
 
====PuttyGen====
Inside of the puttygen program generate a key that will be used for connecting to the server
Inside of the puttygen program generate a key that will be used for connecting to the server


Under Actions heading click on Generate to generate a key pair
# Under Actions heading click on Generate to generate a key pair
When done, click on Save Private Key, and name it priv.ppk
# When done, click on Save Private Key, and name it priv.ppk
Manually copy and paste the public key starting from "ssh-rsa" down to the end of the key ending in "rsa-key-<numbers>" into a new file named public
# Manually copy and paste the public key starting from "ssh-rsa" down to the end of the key ending in "rsa-key-<numbers>" into a new file named public
 
# Once you're done with this make sure to move a copy of the files into a new entry for KeePass
Once you're done with this make sure to move a copy of the files into a new entry for KeePass


Server-side
====Server-side====
Copy the text of the public key you created, and insert it into the authorized_keys file:
Copy the text of the public key you created, and insert it into the authorized_keys file:
 
<syntaxhighlight lang="bash">
vim /home/<username>/.ssh/authorized_keys
vim /home/<username>/.ssh/authorized_keys
</syntaxhighlight>
Apply the key to a separate ssh session to make sure you've done everything correctly
Apply the key to a separate ssh session to make sure you've done everything correctly


Now to disallow root login and change other configuration for ssh:
Now to disallow root login and change other configuration for ssh:
 
<syntaxhighlight lang="bash">
sudo -i
sudo -i
 
</syntaxhighlight>
# you are now under the root user
(you are now under the root user)
 
<syntaxhighlight lang="bash">
vim /etc/ssh/sshd_config
vim /etc/ssh/sshd_config
</syntaxhighlight>


#
Within the config change settings to match the following  !!Remove # sign if applicable!!
# Within the config change settings to match the following  !!Remove # sign if applicable!!
  PermitRootLogin no
#
  PasswordAuthentication no
# PermitRootLogin no
  UsePAM no
#
# PasswordAuthentication no
#
# UsePAM no
#
Finally, Restart the sshd service to enable these changes:
Finally, Restart the sshd service to enable these changes:


<syntaxhighlight lang="bash">
sudo systemctl restart sshd
sudo systemctl restart sshd
</syntaxhighlight>


[[Category:Linux]]
[[Category:Linux]]

Latest revision as of 14:45, 26 March 2020

SSH Key Setup

Key Authentication with PuTTY

Server-side

  • Begin with generating proper folder permissions for .ssh
  • Make sure you're under the proper user before entering code
ssh-keygen

Accept defaults for all prompts: [enter]

Now create an authorized keys file under the .ssh folder created, and set permissions

touch /home/<username>/.ssh/authorized_keys
chmod 600 /home/<username>/.ssh/authorized_keys

PuttyGen

Inside of the puttygen program generate a key that will be used for connecting to the server

  1. Under Actions heading click on Generate to generate a key pair
  2. When done, click on Save Private Key, and name it priv.ppk
  3. Manually copy and paste the public key starting from "ssh-rsa" down to the end of the key ending in "rsa-key-<numbers>" into a new file named public
  4. Once you're done with this make sure to move a copy of the files into a new entry for KeePass

Server-side

Copy the text of the public key you created, and insert it into the authorized_keys file:

vim /home/<username>/.ssh/authorized_keys

Apply the key to a separate ssh session to make sure you've done everything correctly

Now to disallow root login and change other configuration for ssh:

sudo -i

(you are now under the root user)

vim /etc/ssh/sshd_config

Within the config change settings to match the following  !!Remove # sign if applicable!!

 PermitRootLogin no
 PasswordAuthentication no
 UsePAM no

Finally, Restart the sshd service to enable these changes:

sudo systemctl restart sshd