The best way for power webmasters to manage a remote server is via SSH. The most secure way to manage your server via SSH is using password-less SSH encryption logons. Passwordless entry into your servers make it so that account users won’t be allowed to type in a username and password to gain entry. Only computers with its SSH encryption keys already on the servers will be allowed entry.
This is the most effective way of making sure that your servers are protected. We use passwordless entry on all our hosts.
Normal SSH implementations allow for all account holders to type in their account username and password to gain access to the server. This makes it easy for the bad guys to try a brute force attempt to gain access, although there are other tools in place to prevent these types of attacks.
Removing the password option from SSH is, in my opinion the best and most secure method to use SSH against brute force attacks and others. This should be implemented on all your servers. This brief tutorial is going to show you how to implement a passwordless logon to your Ubuntu 14.10 servers.
Here’s how it is setup. The client computer must upload its public key to the SSH server’s authorized_key file. Before access is granted, the server and client computer validate the private/public key pair. If the public key on the server matches the private key submitted via the client, access will be granted.
To get started, go and install SSH server if you haven’t already done so. To do that, run the commands below.
sudo apt-get -y install openssh-server
Next, run the commands below to start SSH server
sudo service ssh start
At this point all account holders on the server will have access to the server via SSH using their usernames and passwords combinations. This is obviously not secure. Continue below with implementing a passwordless logon.
- Generating the client SSH key
To generate the client’s SSH key, run the commands below
ssh-keygen -t rsa
After running the commands above, you will be shown the lines below:
Generating public/private rsa key pair.
Enter file in which to save the key (/home/mobaxterm/.ssh/id_rsa): Press Enter
Enter passphrase (empty for no passphrase): Press Enter
Enter same passphrase again: Press Enter
After that, the system key will be generated and saved in the home directory of the user running the commands (/home/username/.ssh/id_rsa)
After that, the next step will be exporting the client public key to the server. Only clients with their public keys on the server will be allowed to logon to the server. To export the key, run the commands below.
ssh-copy-id user@server_ip_address or hostname
If the commands was successful, you’ll see the message below.
Permanently added ‘192.168.107.194’ (ECDSA) to the list of known hosts.
[email protected]’s password:
/usr/bin/xauth: file /home/richard/.Xauthority does not exist
Now try logging into the machine, with “ssh ‘[email protected]′”, and check in:
~/.ssh/authorized_keys
to make sure we haven’t added extra keys that you weren’t expecting.
Now, that the client key is uploaded to the server, go and turn off password logon option for SSH. To do that, sign onto the server and run the commands below to open SSH configurations file.
sudo vi /etc/ssh/sshd_config
When the file opens, make the following changes below and save the file.
PubkeyAuthentication yes
AuthorizedKeyFile .ssh/authorized_keys
PasswordAuthentication no
PermitRootLogin no
ChallengeResponseAuthentication no
Save the file and restart SSH server.
sudo service ssh restart
Now try logging in again from the client computer with the its SSH key already uploaded.
Frequently Asked Questions
How to install SSH server on Ubuntu 14.10 servers?
To install SSH server on Ubuntu 14.10 servers, run the command 'sudo apt-get -y install openssh-server.'
What is passwordless SSH logon and why is it secure?
Passwordless SSH logon is a method where users can access a server without typing a password. It is secure because only computers with the correct SSH encryption keys can gain entry.
How does passwordless SSH encryption logon enhance server security?
Passwordless SSH encryption logon enhances server security by preventing brute force attacks as users don't need to enter passwords to gain access.
Why is it recommended to implement passwordless entry on all servers?
Implementing passwordless entry on all servers is recommended for enhanced security as it reduces the risk of unauthorized access and brute force attacks.
What is the process of setting up passwordless logon on Ubuntu 14.10 servers?
To set up passwordless logon on Ubuntu 14.10 servers, the client computer must upload its public key to the SSH server's authorized_key file for validation.
How does SSH server validate private/public key pair for access?
The SSH server and client computer validate the private/public key pair by matching the public key on the server with the private key submitted by the client.
What are the advantages of using passwordless SSH logon for server management?
Using passwordless SSH logon for server management enhances security, simplifies access control, and reduces the risk of unauthorized access through password attacks.
Why should power webmasters consider passwordless SSH logon for remote server management?
Power webmasters should consider passwordless SSH logon for remote server management as it provides a more secure and efficient way of accessing and managing servers remotely.