
How to set up SSH keys and passphrase for your server

11 December 2021, Saturday By Priyanka Boruah

Introduction

SSH keys let you log in to a virtual server over SSH more securely than with a password. While a password can be cracked with a brute-force attack, it is almost impossible to break SSH keys by this method alone. An SSH key is actually a pair of keys: one is public and the other is private (only you have it). First, you place the public key on your SSH server, and then you connect to the server using the private key. Authentication works only if both keys are present; this is what keeps your connection secure, and it also means you do not need to use a password. You can strengthen this authentication method further by protecting the private key with a passphrase.


Step 1 - Generate RSA Key Pair

First you need to create a key pair:

ssh-keygen -t rsa

Step 2 - Set Keys and Password

As soon as you enter the key generation command, you will be asked where to save the key:

Enter file in which to save the key (/home/yourdirect/.ssh/id_rsa):

You can just press Enter, and then the file will be saved to the default directory selected above.

Enter passphrase (empty for no passphrase):

Using a passphrase is optional and at your discretion. However, setting one has a clear advantage: if your private key falls into the hands of attackers, they will not be able to log into your account until they crack the passphrase, which gives you additional time to take the necessary measures. The only downside to using a passphrase is, of course, that you have to enter it every time you log in via SSH.

The entire key generation session looks like this:

ssh-keygen -t rsa
Generating public/private rsa key pair.
Enter file in which to save the key (/home/yourdirect/.ssh/id_rsa):
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /home/yourdirect/.ssh/id_rsa.
Your public key has been saved in /home/yourdirect/.ssh/id_rsa.pub.
The key fingerprint is:
4a:dd:0a:c6:35:4e:3f:ed:27:38:8c:74:44:4d:93:67 yourdirect@a
The key's randomart image is:
+--[ RSA 2048]----+
| .oo. |
| . o.E |
| + . o |
| . = = . |
| = S = . |
| o + = + |
| . o + o . |
| . o |
| |
+-----------------+

The location of the public key is now /home/yourdirect/.ssh/id_rsa.pub, and the private key is /home/yourdirect/.ssh/id_rsa.

Step 3 - Copy the public key

After you have created the key pair, you need to add the public key to the virtual server you want to log in to.

You can do this in two ways:

  • Using the ssh-copy-id command, which appends the key to authorized_keys on the server:

ssh-copy-id user@12.34.56.78

  • Or by copying the key manually over SSH:

cat ~/.ssh/id_rsa.pub | ssh user@12.34.56.78 "mkdir -p ~/.ssh && cat >> ~/.ssh/authorized_keys"

Regardless of the selected command, you will see the following (with your data):

The authenticity of host '12.34.56.78 (12.34.56.78)' can't be established.
RSA key fingerprint is b1:2d:33:67:ce:35:4d:5f:f3:a8:cd:c0:c4:48:86:12.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '12.34.56.78' (RSA) to the list of known hosts.
user@12.34.56.78's password:
Now try logging into the machine, with "ssh 'user@12.34.56.78'", and check in:
 ~/.ssh/authorized_keys
to make sure we haven't added extra keys that you weren't expecting.

After that, you can log in as user@12.34.56.78 and you will not be prompted for a password.

Step 4 - Deactivate Root Password

This step is optional.

Once you've copied your SSH keys and made sure you can log in with them, you can restrict root login so that root can only log in with an SSH key.

To do this, open the SSH configuration file:

sudo nano /etc/ssh/sshd_config

Inside this file, find the PermitRootLogin parameter and change it so that root can only log in with an SSH key, not a password (OpenSSH 7.0 and later also accept the equivalent spelling prohibit-password):

PermitRootLogin without-password

For the changes to take effect, reload the SSH service (it is named sshd instead of ssh on some distributions):

sudo systemctl reload ssh
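A check for the Step 4 edit, as an added example that is not part of the original article: it reads an sshd_config file the way sshd does (the first value for a keyword wins, keywords are case-insensitive, # starts a comment) and reports whether root password login is explicitly blocked. The function names and the sample config are constructed for illustration, and only the global section before any Match block is examined.

```shell
#!/bin/sh
# Print the PermitRootLogin value from the global section of an sshd_config
# file, or "unset" if the keyword does not appear there.
root_login_policy() {
    awk '
        { sub(/#.*/, "") }                    # drop comments
        tolower($1) == "match" { exit }       # global section ends at first Match
        tolower($1) == "permitrootlogin" {    # sshd keeps the first value it reads
            print tolower($2); found = 1; exit
        }
        END { if (!found) print "unset" }
    ' "$1"
}

# Succeed only if the file explicitly stops root from logging in with a password.
root_password_login_blocked() {
    case "$(root_login_policy "$1")" in
        no|without-password|prohibit-password|forced-commands-only) return 0 ;;
        *) return 1 ;;                        # "yes", unset or unrecognised
    esac
}

# Constructed sample: a commented-out line, the Step 4 setting, then a later
# duplicate that sshd ignores because the first value wins.
write_sample_config() {
    cat > "$1" <<'EOF'
Port 22
#PermitRootLogin yes
permitrootlogin without-password
PermitRootLogin yes
Match User backup
    PermitRootLogin no
EOF
}

sample=$(mktemp)
write_sample_config "$sample"
if root_password_login_blocked "$sample"; then
    echo "root password login blocked: $(root_login_policy "$sample")"
else
    echo "root password login NOT verified as blocked"
fi
rm -f "$sample"
```

On a live server, sudo sshd -t validates the syntax of the edited file, and sudo sshd -T prints the effective settings, including values pulled in through Include directives.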
