SSH Hardening with RSA Keys🔗
Generating a new SSH key🔗
ssh-keygen -t rsa -b 4096 -C "[email protected]"
Automatic Copy RSA Key to The Server🔗
ssh-copy-id -i ~/.ssh/id_rsa.pub [email protected]
Manually Copy RSA Key to The Server🔗
ssh to the host (do not close this connection
)
mkdir -p ~/.ssh && touch .ssh/authorized_keys
copy your public key usually located at ~/.ssh/id_rsa.pub
echo PUCLICK_Key_STRING >> ~/.ssh/authorized_keys
SSH Hardening - Disable Password Login
edit /etc/ssh/sshd_config
change:
#PasswordAuthentication yes
to
PasswordAuthentication no
save&exit
restart ssh service:
sudo systemctl restart ssh
Danger
Open new SSH season and test login with RSA Keys before closing the existing connection
Optional: change ssh port
edit /etc/ssh/sshd_config
change the port to a desired one
port 1337
save&exit
restart ssh service:
sudo systemctl restart ssh
Add Privet id_rsa key to Server🔗
copy the id_rsa key to ~/.ssh folder
cd ~/.ssh
sudo ssh-agent bash
ssh-add id_rsa