Protect your server against attacks by adopting SSH Key as your

On your local machine (the one that will establish the connection to the server), run:
ssh-keygen -b 4096
Generating public/private rsa key pair.
Enter file in which to save the key (/Users/YOU/.ssh/id_rsa):   

<YOU_MAY_RENAME_THE_FILE>
<IN_MY_CASE_I_CHANGED_IT_TO /Users/YOU/.ssh/id_rsa_srv001.pub>
<USEFUL_IF_YOU_HAVE_MORE_THAN_1_KEY>
Type a passphrase. You may use an online generator if you wish, such as this one: https://www.useapassphrase.com/
Then copy the public key to the server with ssh-copy-id:
ssh-copy-id [-i [identity_file]] [-p port] [-o ssh_option] [user@]hostname

Example:
Mac-Pro:.ssh YOU$ ssh-copy-id -i ~/.ssh/id_rsa_srv001 root@YOUR_SERVER
/usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed: "/Users/YOU/.ssh/id_rsa_srv001.pub"
/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
root@YOUR_SERVER's password:

<TYPE_YOUR_PASSWORD_WHEN_REQUESTED>

Number of key(s) added:        1


Now try logging into the machine, with:   "ssh 'root@YOUR_SERVER'"
and check to make sure that only the key(s) you wanted were added.
Now, let’s see if SSH Key is working fine.
ssh -i ~/.ssh/id_rsa_srv001 root@YOUR_SERVER
<TYPE_YOUR_PASSPHRASE_WHEN_REQUESTED>
  
  You should get access to your server
By default, authorized keys are stored in the user's ~/.ssh/authorized_keys file on the server. The file content looks like this:
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDRCrbVqqPtxLFt11Xu0G9yIdg80k9....FbYaPpHG4w== YOU@Mac-Pro.local
IMPORTANT: Once you have verified that your SSH key lets you connect, disable password login.
$ sudo vim /etc/ssh/sshd_config

-------------------------------------------------
# Look for a line with: 

PasswordAuthentication

# Then make sure this line is set to: 
PasswordAuthentication no
Save the file (: + wq + enter) and restart the SSH service
sudo systemctl restart ssh
And now if you try to connect, you must do it with an SSH key. Otherwise your connection will be immediately refused. That’s all.
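
A check for the PasswordAuthentication step, as an added example that is not part of the original post: sshd keeps the first value it reads for a keyword, so a file pulled in by an Include line ahead of your edit can leave password login enabled. The function names, the drop-in file name and the sample directory are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original post. Reports the global
# PasswordAuthentication value as sshd resolves it: the FIRST value read wins,
# Include lines are expanded in place, and lines after "Match" are conditional.
# On a live server, `sudo sshd -T | grep -i passwordauthentication` asks sshd itself.

flatten() {  # print file $1 with each Include line replaced by the files it names
    while IFS= read -r line || [ -n "$line" ]; do
        case $line in
            [Ii]nclude\ *)
                for f in ${line#* }; do      # unquoted on purpose: expand the glob
                    if [ -f "$f" ]; then flatten "$f"; fi
                done ;;
            *) printf '%s\n' "$line" ;;
        esac
    done < "$1"
}

effective_password_auth() {  # $1: main sshd_config path; prints yes or no
    flatten "$1" | awk '
        /^[ \t]*#/ || /^[ \t]*$/ { next }          # comments and blank lines
        {
            line = $0
            sub(/^[ \t]+/, "", line)
            sub(/[ \t]*=[ \t]*/, " ", line)          # "Keyword=value" form
            split(line, f, /[ \t]+/)
            key = tolower(f[1])
            if (key == "match") exit                 # rest of file is conditional
            if (key == "passwordauthentication") { print tolower(f[2]); found = 1; exit }
        }
        END { if (!found) print "yes" }              # OpenSSH default when unset
    '
}

# Constructed sample: the main file ends with the setting from this guide, but a
# drop-in (hypothetical name) read earlier through Include still says "yes".
demo() {
    d=$(mktemp -d)
    mkdir "$d/sshd_config.d"
    printf 'PasswordAuthentication yes\n' > "$d/sshd_config.d/50-sample.conf"
    printf 'Include %s/sshd_config.d/*.conf\n#PasswordAuthentication yes\nPasswordAuthentication no\n' "$d" > "$d/sshd_config"
    effective_password_auth "$d/sshd_config"       # prints: yes
    rm "$d/sshd_config.d/50-sample.conf"
    effective_password_auth "$d/sshd_config"       # prints: no
    rm -r "$d"
}

demo
```

If the check prints yes after your edit, look for the setting in files named by an Include line near the top of /etc/ssh/sshd_config.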
