Skip to content
Authors: fire1ce | Created: 2021-08-27 | Last update: 2022-08-02

SSH Hardening with SSH Keys

Generating a new SSH key

RSA 4096

ssh-keygen -t rsa -b 4096 -C "your_email@example.com"

Ed25519 Algorithm

ssh-keygen -t ed25519 -C "your_email@example.com"

Automatic Copy RSA Key to The Server

ssh-copy-id -i ~/.ssh/id_rsa.pub user@host

Manually Copy RSA Key to The Server

ssh to the host (do not close this connection)

mkdir -p ~/.ssh && touch .ssh/authorized_keys

copy your public key usually located at ~/.ssh/id_rsa.pub

echo PUCLICK_Key_STRING >> ~/.ssh/authorized_keys

SSH Hardening - Disable Password Login

edit /etc/ssh/sshd_config change:

#PasswordAuthentication yes

to

PasswordAuthentication no

save&exit

restart ssh service:

sudo systemctl restart ssh

Danger

Open new SSH season and test login with RSA Keys before closing the existing connection


Optional: change ssh port

edit /etc/ssh/sshd_config change the port to a desired one

port 1337

save&exit

restart ssh service:

sudo systemctl restart ssh

Add Privet id_rsa key to Server

copy the id_rsa key to ~/.ssh folder

cd ~/.ssh
sudo ssh-agent bash
ssh-add id_rsa

Comments