{"id":3448,"date":"2020-09-09T09:00:46","date_gmt":"2020-09-09T01:00:46","guid":{"rendered":"https:\/\/www.casbay.com\/blog\/?p=3448"},"modified":"2022-09-22T18:39:17","modified_gmt":"2022-09-22T10:39:17","slug":"how-to-configure-a-secure-ssh-based","status":"publish","type":"post","link":"https:\/\/www.casbay.com\/blog\/tips-sharing\/how-to-configure-a-secure-ssh-based","title":{"rendered":"How to Configure a Secure SSH-Based"},"content":{"rendered":"\t\t
\n\t\t\t\t\t\t\t\t\t
\n\t\t\t\t\t\t
\n\t\t\t\t\t
\n\t\t\t
\n\t\t\t\t\t\t\t\t
\n\t\t\t\t
\n\t\t\t\t\t\t\t

Introduction <\/strong><\/h3>

SSH is a remote connection method, whether or not it is a VPS. It is versatile and multi-platform, allows you to almost monitor your computer, as you were, and it has many useful features.

Yet protection is an important focus in the modern world of IT, so I will share some details about how to ensure access to your ssh. You’ll build a couple of keys: public and private. Privacy is your secure key for protecting, safeguarding and sharing with no one. It’s used as a special user to mark you. Public is a key to be delivered to remote servers or services.<\/p>

Accessions<\/strong><\/h3>

You’ll need:
1) CentOS 7.4 VPS server<\/a>
2) Basic knowledge how to edit files in Linux systems
3) Linux or Windows host machine, from which you access the VPS server.<\/p>

Generating A SSH Key Pair on Your Host Machines<\/strong><\/h2>

If your system, from which you access VPS, is Linux ( Fedora 25 system was used, as a typical home\/workplace Linux system):
1) run ssh-keygen and follow on-screen instructions
“ssh-keygen”<\/p>

\"SSH-command
SSH command “ssh-keygen”<\/figcaption><\/figure>

You can enter a specific location of storage (you can leave this as it is). You will also be asked for a password to secure the key by ssh-keygen. Although passwordless, as it is sometimes useful for different setups (automatic systems without user input), the password should be protected from your key and your key will only not allow an attacker to access the VPS-server even if your key pair is compromised.
Remember password. When you forget it, you can’t restore your key control.<\/p>

\"SSH-password
Must Remember Password<\/figcaption><\/figure>

2) Backup your keys on a secure, safe storage
3) run cat \/home\/vpsuser\/.ssh\/id_rsa.pub ( replace path with the one, you have actually used ) and copy the key.<\/p>

4) You need to put a copied key as a new string into
`\/root\/.ssh\/authorized_keys`
on your VPS server. It should look like this<\/p>

\"SSH-command
SSH-command copy key as a new string on VPS server<\/figcaption><\/figure>

Notice that each key starts as a separate string.
5) To connect from linux machine to your VPS server through ssh, you just need to run
“ssh -i \/home\/vpsuser\/.ssh\/id_rsa.pub root@”<\/p>

\"Connect
Connect from linux machine to VPS server through SSH<\/figcaption><\/figure>

If your system, from which you access VPS, is Windows ( Windows 10 was used, as a typical home\/workplace Windows system): 1) Run puttygen tool, that comes out of the box with a putty installation.<\/p>

\"SSH-PuTTY
PuTTY Key Generator tool<\/figcaption><\/figure>

Press “generate” and it will ask you to move mouse on the empty area to generate random data, and will provide you an ssh key pair.<\/p>

\"SSH-PuTTY
SSH key pair<\/figcaption><\/figure>

2.1) Enter password to “Key passphraze” and confirmation fields. Remember the password.
2.2) Copy the contents of the “public key for pasting into Openssh authorized_keys file:”
2.3) Save public and private key to a secure, safe storage<\/p>

3) Copy’s the contents of the “public key for pasting into Openssh authorized_keys file:” windows in puttygen
4) Go back to your VPS server. We need to add the public part of the key pair, we have just created to the list of authorized keys. Put a copied key as a new string into
\/root\/.ssh\/authorized_keys
On your VPS server. It should look like this<\/p>

\"SSH-add
add the public part of the key pair on VPS server<\/figcaption><\/figure>

Notice that each key starts as a separate string.
5) Test connection to your VPS server
5.1) Open putty and go to Connection – SSH – Auth in the left panel.
5.2) Open you private key file by pressing Browse near the Private key for authentication field.<\/p>

\"SSH-PuTTY
Open Private Key File for authentication field<\/figcaption><\/figure>

5.3) Go back to Session in the left panel of putty, enter your server hostname or ip with a login name ( optional, as putty will prompt for it anyway ) and press Open.<\/p>

\"SSH-PuTTY
Enter your server Hostname or IP<\/figcaption><\/figure>

5.4) Putty will prompt for key password at it’s screen, and if entered correctly, forward you to your VPS server console<\/p>

\"PuTTY-prompt
PuTTY-prompt for key password<\/figcaption><\/figure>

\u00a0<\/p>

Securing Your SSH Server<\/strong><\/h3>

Using Linux and Windows, you can now easily connect to your VPS server. You should currently disable access to your machine with a password, so any attempts to bruteforce are useless. Without an authorized ssh key your system will just not accept an incoming ssh connection. Open on your VPS server
“\/etc\/sshd\/sshd_config”
and change “PasswordAuthentication yes” string to “PasswordAuthentication no” restart sshd daemon
“systemctl restart sshd”
and check that it has no problems
“systemstl status sshd”<\/p>

\"Securing
Securing Your SSH Server<\/figcaption><\/figure>

\u00a0<\/p>

Conclusion<\/strong><\/h3>

Securing your link to your ssh-key pair and preventing a password login are a fundamental measure of security. It protects your server against a lot of attacks based on alphabetical password and bruteforce searches. In conclusion, secure at least basic steps for your VPS server to allow you to sleep better.<\/p>\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t\t\t\t<\/div>\n\t\t","protected":false},"excerpt":{"rendered":"

Introduction SSH is a remote connection method, whether or not it is a VPS. It is versatile and multi-platform, allows […]<\/p>\n","protected":false},"author":1,"featured_media":33286,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"site-sidebar-layout":"default","site-content-layout":"default","ast-site-content-layout":"","site-content-style":"default","site-sidebar-style":"default","ast-global-header-display":"","ast-banner-title-visibility":"","ast-main-header-display":"","ast-hfb-above-header-display":"","ast-hfb-below-header-display":"","ast-hfb-mobile-header-display":"","site-post-title":"","ast-breadcrumbs-content":"","ast-featured-img":"","footer-sml-layout":"","theme-transparent-header-meta":"default","adv-header-id-meta":"","stick-header-meta":"default","header-above-stick-meta":"","header-main-stick-meta":"","header-below-stick-meta":"","astra-migrate-meta-layouts":"default","ast-page-background-enabled":"default","ast-page-background-meta":{"desktop":{"background-color":"","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-gradient":""},"tablet":{"background-color":"","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-gradient":""},"mobile":{"background-color":"","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-gradient":""}},"ast-content-background-meta":{"desktop":{"background-color":"var(--ast-global-color-5)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-gradient":""},"tablet":{"background-color":"var(--ast-global-color-5)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-gradient":""},"mobile":{"background-color":"var(--ast-global-color-5)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-gradient":""}},"footnotes":"","_wpscppro_custom_social_share_image":0},"categories":[89],"tags":[102],"_links":{"self":[{"href":"https:\/\/www.casbay.com\/blog\/wp-json\/wp\/v2\/posts\/3448"}],"collection":[{"href":"https:\/\/www.casbay.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.casbay.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.casbay.com\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.casbay.com\/blog\/wp-json\/wp\/v2\/comments?post=3448"}],"version-history":[{"count":18,"href":"https:\/\/www.casbay.com\/blog\/wp-json\/wp\/v2\/posts\/3448\/revisions"}],"predecessor-version":[{"id":34768,"href":"https:\/\/www.casbay.com\/blog\/wp-json\/wp\/v2\/posts\/3448\/revisions\/34768"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.casbay.com\/blog\/wp-json\/wp\/v2\/media\/33286"}],"wp:attachment":[{"href":"https:\/\/www.casbay.com\/blog\/wp-json\/wp\/v2\/media?parent=3448"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.casbay.com\/blog\/wp-json\/wp\/v2\/categories?post=3448"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.casbay.com\/blog\/wp-json\/wp\/v2\/tags?post=3448"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}