Monday, June 27, 2016

Advanced SSH Tutorial

Generate a new, stronger key. Run these commands as your normal user rather than with sudo, so the files belong to the account that will use them:
$~: ssh-keygen -t rsa -b 4096
If it asks you to overwrite the existing key, answer “yes”.
Create the keys directory:

$~: mkdir ~/.ssh/keys
In our setup we have one folder for each server, but you could just store all the keys in one folder; it makes no difference.
Generate a new key for each server you want to connect to. For server1:

$~: ssh-keygen -t rsa -b 4096 -C "server1"
When prompted, change the location where the key is saved:
Enter file in which to save the key (~/.ssh/id_rsa): ~/.ssh/keys/server1
Check that the keys were generated:
$~: ls ~/.ssh/keys
Create a config file for the ssh hosts and add:
$~: nano /home/testuser/.ssh/config
# server1
Host server1
    User user1
    IdentityFile ~/.ssh/keys/server1
Change the permissions of the keys directory. The directory needs 700 so that you can still enter it; the key files get 600:
$~: chmod 700 ~/.ssh/keys
$~: chmod 600 ~/.ssh/keys/*
Connect to the remote server
Now you’re all set to connect to the remote server, but as we have done the setup with keys, there are a few more things to configure on the remote server. For now, at least the aliases should work. To log in, simply type:

$~: ssh server1
You will have to type user1's password the first time. Next, we need to copy the content of the public key into the authorized_keys file on server1. On my PC:
$~: cat ~/.ssh/keys/
Connect to your remote server1 and type the user1 password.
$~: ssh server1
Open the authorized_keys file and copy the content of
$~: vi ~/.ssh/authorized_keys
Paste the content from step 11 into server1's authorized_keys. To insert, press [SHIFT+i]; to exit and save, press [ESC] and type [:wq!]. Exit the remote server and test your new config.
$~: exit
Try to connect to server1; this time it will not ask for a password.
If this works without having to enter a password, you can go ahead with the next step. If it doesn’t work, fix the issue first. The next step will lock you out of your system if the key is wrong.

$~: sudo vi /etc/ssh/sshd_config
Don’t allow passwords. Look for this row:
# Change to no to disable tunnelled clear text passwords
PasswordAuthentication no
This disallows logging in with a password and only accepts keys, for better security.
Save and exit.
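
An added example (not from the original post): OpenSSH will not use a private key that other users can read, and a directory without its execute bit cannot be entered, so the permissions step above is worth verifying before passwords are switched off. check_key_dir is a hypothetical helper name, and the script assumes GNU stat (Linux).

```sh
#!/bin/sh
# Added example: audit a key directory laid out as in this tutorial.
# Assumes GNU stat (Linux); check_key_dir is a hypothetical helper name.

# Print one line per problem; return 0 only when nothing is wrong.
check_key_dir() {
    dir=$1
    me=$(id -un)
    problems=0

    if [ ! -d "$dir" ]; then
        echo "missing: $dir"
        return 1
    fi

    # The directory needs the owner's execute bit to be entered, and no
    # access for group or others: 700.
    mode=$(stat -c '%a' "$dir")
    if [ "$mode" != "700" ]; then
        echo "dir $dir has mode $mode, expected 700"
        problems=$((problems + 1))
    fi

    for f in "$dir"/*; do
        [ -f "$f" ] || continue
        owner=$(stat -c '%U' "$f")
        mode=$(stat -c '%a' "$f")
        # Keys created with sudo belong to root and cannot be read by ssh
        # running as the normal user.
        if [ "$owner" != "$me" ]; then
            echo "$f is owned by $owner, expected $me"
            problems=$((problems + 1))
        fi
        case "$f" in
            *.pub) continue ;;   # public halves may be world-readable
        esac
        # ssh refuses a private key that group or others can read.
        case "$mode" in
            600|400) ;;
            *) echo "private key $f has mode $mode, expected 600"
               problems=$((problems + 1)) ;;
        esac
    done

    [ "$problems" -eq 0 ]
}
```

After sourcing the file, run check_key_dir ~/.ssh/keys; it prints one line per problem and returns non-zero if any were found.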
