Authors: 2021-08-27 | Last update: 2022-08-02
| Created: SSH Hardening with SSH Keys¶
Generating a new SSH key¶
RSA 4096
ssh-keygen -t rsa -b 4096 -C "your_email@example.com"
Ed25519 Algorithm
ssh-keygen -t ed25519 -C "your_email@example.com"
Automatic Copy RSA Key to The Server¶
ssh-copy-id -i ~/.ssh/id_rsa.pub user@host
Manually Copy RSA Key to The Server¶
ssh to the host (do not close this connection
)
mkdir -p ~/.ssh && touch .ssh/authorized_keys
copy your public key usually located at ~/.ssh/id_rsa.pub
echo PUCLICK_Key_STRING >> ~/.ssh/authorized_keys
SSH Hardening - Disable Password Login¶
edit /etc/ssh/sshd_config
change:
#PasswordAuthentication yes
to
PasswordAuthentication no
save&exit
restart ssh service:
sudo systemctl restart ssh
Danger
Open new SSH season and test login with RSA Keys before closing the existing connection
Optional: change ssh port¶
edit /etc/ssh/sshd_config
change the port to a desired one
port 1337
save&exit
restart ssh service:
sudo systemctl restart ssh
Add Privet id_rsa key to Server¶
copy the id_rsa key to ~/.ssh folder
cd ~/.ssh
sudo ssh-agent bash
ssh-add id_rsa