09-05-2016, 10:20 AM
Why use SSH Passwordless Login instead of your good ole password?
Simple, the chances to crack a high bit key are effectively zero (insert NSA paranoia here), while bad passwords are all too common, let alone people brute-forcing your server.
Client = Linux Lite
Server = Ubuntu Server only
1. On the client, generate a key pair:
Code:
ssh-keygen -t rsa -b 4096
choose a very strong password (10 or more characters - letters, upper & lower case, numbers and characters eg. %^#*)
This will give you 2 files, id_rsa and id_rsa.pub with 4096 bit encryption.
2. On the Server do:
Code:
mkdir .ssh
touch .ssh/authorized_keys
nano .ssh/authorized_keys
Copy the contents of id_rsa.pub from your client into authorized_keys on the Server, then Save with Ctrl+o and Ctrl+x.
3. Change permissions of 'authorized_keys' and the '.ssh' folder on the Server to:
Code:
chmod 700 ~/.ssh/
chmod 600 ~/.ssh/authorized_keys
Do: ls -l .ssh on the server, it should read:
Code:
-rw------- 1 user user 744 Sep 5 21:41 authorized_keys
4. On the Server do:
Code:
sudo nano /etc/ssh/sshd_config
Change:
Code:
#PasswordAuthentication yes
to
Code:
PasswordAuthentication no
and set the following:
Code:
PermitRootLogin no
RSAAuthentication yes
PubkeyAuthentication yes
In the same file, change the port number from 22 to a 4 digit number eg. 7685 (this should avoid someone brute-forcing your server; you could strengthen more via your firewall, but that's another tutorial).
Save with Ctrl+o and Ctrl+x.
5. On the Server do:
Code:
sudo systemctl restart ssh
or
Code:
sudo service ssh restart
6. On the Client:
Code:
ssh-add -k ~/.ssh/id_rsa
enter key password/s when prompted.
7. Create the following file in your home folder:
Code:
touch .bash_profile
nano .bash_profile
copy the following into the file:
Code:
if [ -z "$SSH_AUTH_SOCK" ] ; then
    eval `ssh-agent -s`
    ssh-add
fi
this will ensure you're not asked for your ssh passphrase after a reboot.
Connect to Server with:
Code:
ssh -p 7685 user@<server-address>
Should work on a WAN too, just remember to port forward 7685 on your Router if you want to connect from the outside.
Folks are welcome to add additional security tips to this thread providing they work with the above set up.
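A quick way to confirm that steps 3 and 4 took effect, as an added example that is not part of the original post: the script reads a copy of sshd_config the way sshd does (the first value for a keyword wins) and compares the ls mode column from step 3. The function names, the constructed sample files and the upstream OpenSSH defaults used for unset keywords are assumptions of this example.

```shell
# Added example (not from the original post): audit the settings from steps 3 and 4.
# sshd_value FILE KEYWORD DEFAULT: print the value sshd would use for KEYWORD.
# sshd keeps the FIRST value it reads; keywords are case-insensitive.
# Assumption: no Match blocks or Include files (not followed here).
sshd_value() {
    awk -v key="$2" -v def="$3" '
        $1 ~ /^#/ { next }
        tolower($1) == tolower(key) { print tolower($2); found = 1; exit }
        END { if (!found) print def }' "$1"
}

# expect FILE KEYWORD DEFAULT WANTED: report whether the effective value is WANTED.
expect() {
    got=$(sshd_value "$1" "$2" "$3")
    [ "$got" = "$4" ] && { echo "ok    $2 $got"; return 0; }
    echo "FAIL  $2 is '$got', tutorial sets '$4'"; return 1
}

# audit_sshd_config FILE: exit status is the number of failed checks (0 = all good).
audit_sshd_config() {
    fails=0
    expect "$1" PasswordAuthentication yes no || fails=$((fails + 1))
    expect "$1" PermitRootLogin prohibit-password no || fails=$((fails + 1))
    expect "$1" PubkeyAuthentication yes yes || fails=$((fails + 1))
    # Port may be listed several times; sshd listens on every one of them.
    ports=$(awk 'tolower($1) == "port" { printf "%s ", $2 }' "$1")
    case " ${ports:-22 }" in
        *" 22 "*) echo "FAIL  sshd still listens on port 22"; fails=$((fails + 1)) ;;
    esac
    return "$fails"
}

# mode_is PATH MODESTRING: compare the ls mode column, as in the step 3 check.
mode_is() { [ "$(ls -ld "$1" | cut -c1-10)" = "$2" ]; }

# Constructed samples: a config edited as in step 4, and one where an earlier
# "yes" line shadows the later "no" (the edit silently has no effect).
demo=$(mktemp -d)
printf '%s\n' 'Port 7685' '#PasswordAuthentication yes' 'PasswordAuthentication no' \
    'PermitRootLogin no' 'PubkeyAuthentication yes' > "$demo/hardened"
printf '%s\n' 'Port 7685' 'PasswordAuthentication yes' 'PermitRootLogin no' \
    'passwordauthentication no' > "$demo/shadowed"
mkdir "$demo/.ssh" && : > "$demo/.ssh/authorized_keys"
chmod 700 "$demo/.ssh" && chmod 600 "$demo/.ssh/authorized_keys"

audit_sshd_config "$demo/hardened" && echo "hardened: all checks pass"
audit_sshd_config "$demo/shadowed" || echo "shadowed: $? failure(s)"
mode_is "$demo/.ssh" drwx------ && mode_is "$demo/.ssh/authorized_keys" -rw------- \
    && echo "ok    .ssh permissions match step 3"
```

On the server itself, `sudo sshd -t` checks the edited file for syntax errors before the restart in step 5, and `sudo sshd -T` prints the configuration sshd will actually use.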