Skip to content

SSH Hardening with RSA Keys🔗

Generating a new SSH key🔗

ssh-keygen -t rsa -b 4096 -C "[email protected]"

Automatic Copy RSA Key to The Server🔗

ssh-copy-id -i ~/.ssh/id_rsa.pub [email protected]

Manually Copy RSA Key to The Server🔗

ssh to the host (do not close this connection)

mkdir -p ~/.ssh && touch .ssh/authorized_keys

copy your public key usually located at ~/.ssh/id_rsa.pub

echo PUCLICK_Key_STRING >> ~/.ssh/authorized_keys

SSH Hardening - Disable Password Login

edit /etc/ssh/sshd_config change:

#PasswordAuthentication yes

to

PasswordAuthentication no

save&exit

restart ssh service:

sudo systemctl restart ssh

Danger

Open new SSH season and test login with RSA Keys before closing the existing connection


Optional: change ssh port

edit /etc/ssh/sshd_config change the port to a desired one

port 1337

save&exit

restart ssh service:

sudo systemctl restart ssh

Add Privet id_rsa key to Server🔗

copy the id_rsa key to ~/.ssh folder

cd ~/.ssh
sudo ssh-agent bash
ssh-add id_rsa

Comments