Advanced SSH Tutorial
Generate a new, stronger key. Run these commands as your own user rather than with sudo, so the keys stay owned by and readable to you:
$~: ssh-keygen -t rsa -b 4096
If it asks you to overwrite the existing key, answer “yes”.
Create the keys dir:
$~: mkdir ~/.ssh/keys
In our setup we have one folder for each server, but you could just store all the keys in one folder; it makes no difference.
Generate a new key for each server you want to connect to. For server1:
$~: ssh-keygen -t rsa -b 4096 -C "server1"
Change the location where the key is saved. Enter the full path, since ssh-keygen does not expand ~ at this prompt:
Enter file in which to save the key (~/.ssh/id_rsa): /home/testuser/.ssh/keys/server1
Check that the keys were generated:
$~: ls ~/.ssh/keys
Create a config file for the ssh hosts and add:
$~: nano /home/testuser/.ssh/config
# server1
Host server1
Hostname 192.168.1.113
User user1
IdentityFile ~/.ssh/keys/server1
Change permissions of the keys dir
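$~: chmod 700 ~/.ssh/keys && chmod 600 ~/.ssh/keys/*
The directory gets 700 because it needs the execute bit to be entered; the key files get 600.
Connect to the remote server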
Now you’re all set to connect to the remote server, but since we are doing the setup with keys, there are a few more things to configure on the remote server. For now, at least the aliases should work. To log in, simply type:
$~: ssh server1
You will have to type the user1 password the first time. We need to copy the content of server1.pub into the authorized_keys file on server1. On my PC:
$~: cat ~/.ssh/keys/server1.pub
Connect to your remote server1 and type the user1 password.
$~: ssh server1
Open the authorized_keys file and copy in the content of server1.pub.
$~: vi ~/.ssh/authorized_keys
Paste the content of server1.pub (printed by the cat command above) into server1's authorized_keys. To insert, press [SHIFT+i]; to exit and save, press [ESC] and type [:wq!]. Exit the remote server and test your new config.
$~: exit
Try to connect to server1; this time it will not ask for a password.
If this works without having to enter a password, you can go ahead with the next step; if it doesn’t work, fix the issue first. The next step will lock you out of your system if the key is wrong.
$~: sudo vi /etc/ssh/sshd_config
Don’t allow passwords; look for this row:
# Change to no to disable tunnelled clear text passwords
PasswordAuthentication no
This disallows login with a password and only accepts keys, for better security.
Save and exit. The change takes effect once the SSH daemon is restarted or reloaded.
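A pre-flight check for the lockout risk described above, added here as an example and not part of the original tutorial. The function names key_login_works and effective_password_auth are hypothetical helpers, and the sshd_config content in the demo is a constructed sample; it shows that sshd keeps the first value it reads for a keyword, so an edited line further down can be silently ignored.

```shell
#!/bin/sh
# Added example: checks to run before and after disabling password logins.

# key_login_works HOST: succeeds only if public-key login works without any
# prompt (BatchMode forbids password and passphrase prompts).
key_login_works() {
    ssh -o BatchMode=yes -o PreferredAuthentications=publickey \
        -o ConnectTimeout=5 "$1" true
}

# effective_password_auth FILE: prints the PasswordAuthentication value in the
# global section of an sshd_config. sshd keeps the first value it reads, and
# the default is "yes". Prints "include:<pattern>" when an Include comes first,
# because the included file may already set the value.
effective_password_auth() {
    awk '
        { sub(/#.*/, ""); sub(/^[ \t]+/, ""); sub(/[ \t]*=[ \t]*/, " ") }
        $0 == "" { next }
        { key = tolower($1) }
        key == "match"   { exit }   # global section ends at the first Match
        key == "include" { print "include:" $2; found = 1; exit }
        key == "passwordauthentication" { print tolower($2); found = 1; exit }
        END { if (!found) print "yes" }
    ' "$1"
}

# Constructed sample: the edited line sits below an earlier "yes", so it is ignored.
sample=$(mktemp)
printf '%s\n' '#PasswordAuthentication yes' 'PasswordAuthentication yes' \
    '# Change to no to disable tunnelled clear text passwords' \
    'PasswordAuthentication no' > "$sample"
echo "effective: $(effective_password_auth "$sample")"
rm -f "$sample"
```

On the server itself, `sudo sshd -T | grep -i passwordauthentication` prints the value sshd actually resolves, including anything pulled in by Include. Run `key_login_works server1` from the client before saving the change.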