OpenSSH or Secure Shell has become the default connection method to remote Linux servers. It comes pre-installed in most Linux distributions and works right out of the box. No need to configure, just install and it’s ready to start accepting connections.
Although SSH is secure and far better than most shell communication tools, leaving it as is after installing may not provide the best protection for your servers or secured resources. The best method is to install SSH server and enable power-less login using only encryption keys to login.
With this method, users who have access to the system won’t be allowed to type in passwords to access the system. Only computers with the correct public keys installed on the server will be allowed to access. This is far more secure than using passwords to sign into your servers.
Hackers and others who want to hack your systems won’t be able to because there’s no passwords login involved. The computer attempting access must already have its public keys on the server and without that, access will always be denied.
This tutorial is going to show you how to configure SSH securely to only allow encryption keys login also know as powerless login.
To get started, install OpenSSH onto your server. For this tutorial, I am using Ubuntu 15.04.
To install OpneSSH on Ubuntu, run the commands below.
sudo apt-get -y install openssh-server
After installing, start the server using the commands below
sudo systemctl start ssh
The server is started and ready to start accepting connections right away. By default SSH will allow anyone who has remote access to the systems using combination of a username and password to gain access.
Before configuring the server to not allow username and passwords, go and create the client authentication keys. To do that, run the commands below.
ssh-keygen -t rsa
You’ll be prompted to with the screen below.
Generating public/private rsa key pair.
Enter file in which to save the key (/home/mobaxterm/.ssh/id_rsa): Press Enter
Enter passphrase (empty for no passphrase): Press Enter
Enter same passphrase again: Press Enter
After that, the system’s key will be generated and saved in the home directory of the user running the commands (/home/username/.ssh/id_rsa)
Next, run the commands below to export your public key to the server key store. Only systems who present their private keys to match their public key stored on the server will be allowed.
ssh-copy-id user@server_ip_address or hostname
That will copy over the client’s public key.
Next, logon to the server and configure SSH to reject username and password logins. To do that, run the commands below to open SSH configuration file.
sudo vi /etc/ssh/sshd_config
Then make the changes below and save the file.
PubkeyAuthentication yes
AuthorizedKeyFile .ssh/authorized_keys
PasswordAuthentication no
PermitRootLogin no
ChallengeResponseAuthentication no
After saving the file, restart SSH server and test.. You should only able to login automatically without typing passwords.
To reload SSH new configuration, run the commands below.
sudo systemctl reload ssh
The next time you attempt to access your server, you won’t be prompted for username and password. You will automatically be granted access.
For others, not so much.. they will be denied automatically.
Enjoy!
Frequently Asked Questions
How to secure SSH servers on Linux using encryption keys?
To secure SSH servers on Linux using encryption keys, you need to install OpenSSH and configure it to allow powerless login. This means users can only access the server if their computer has the correct public keys installed.
Why is it important to secure SSH servers on Linux?
It is important to secure SSH servers on Linux to prevent unauthorized access and protect sensitive data. Using encryption keys for login adds an extra layer of security compared to traditional password-based login.
What are the benefits of using encryption keys for SSH login?
Using encryption keys for SSH login eliminates the risk of password-based attacks like brute force. It ensures that only authorized computers with the correct keys can access the server, enhancing security.
How to install OpenSSH on Ubuntu for secure server access?
To install OpenSSH on Ubuntu for secure server access, run the command 'sudo apt-get -y install openssh-server'. This will install OpenSSH, allowing you to configure it for encryption key-based login.
Can hackers bypass encryption key-based login on SSH servers?
Hackers cannot easily bypass encryption key-based login on SSH servers because it requires the correct public keys to access the server. Without the keys, unauthorized access is prevented.
What is powerless login in the context of SSH servers?
Powerless login in SSH servers refers to the method of logging in without using passwords. Instead, users must have the correct encryption keys installed on their computers to access the server.
How does encryption key-based login enhance SSH server security?
Encryption key-based login enhances SSH server security by eliminating the risk of password theft or brute force attacks. It ensures that only authorized devices with the correct keys can access the server.
What is the default connection method to remote Linux servers?
The default connection method to remote Linux servers is OpenSSH or Secure Shell. It comes pre-installed in most Linux distributions and works securely right out of the box.