SSH Hardening with RSA Keys¶
Generating a new SSH key¶
RSA 4096
ssh-keygen -t rsa -b 4096 -C "[email protected]"
Ed25519 Algorithm
ssh-keygen -t ed25519 -C "[email protected]"
Automatic Copy RSA Key to The Server¶
ssh-copy-id -i ~/.ssh/id_rsa.pub [email protected]
Manually Copy RSA Key to The Server¶
ssh to the host (do not close this connection)
mkdir -p ~/.ssh && touch .ssh/authorized_keys
copy your public key usually located at ~/.ssh/id_rsa.pub
echo PUCLICK_Key_STRING >> ~/.ssh/authorized_keys
SSH Hardening - Disable Password Login¶
edit /etc/ssh/sshd_config change:
#PasswordAuthentication yes
to
PasswordAuthentication no
save&exit
restart ssh service:
sudo systemctl restart ssh
Danger
Open new SSH season and test login with RSA Keys before closing the existing connection
Optional: change ssh port¶
edit /etc/ssh/sshd_config change the port to a desired one
port 1337
save&exit
restart ssh service:
sudo systemctl restart ssh
Add Privet id_rsa key to Server¶
copy the id_rsa key to ~/.ssh folder
cd ~/.ssh
sudo ssh-agent bash
ssh-add id_rsa