password

All posts tagged password by Linux Bash
  • Posted on

    Safe and Secure SSH Connections

    In a modern world where cyber-warfare is common place and every-day users are targets from organised crime, it goes without saying that you are likely to run into problems rather quickly if you don't use every available means of security.

    The scope of this article is to connect via SSH Keys however you should also be doing some other more mundane tasks like encrypting the connection (preferably with a VPN on your router) and using altered ports, plus limiting access to SSH users, if you have them.

    So what is the safest way to connect to your remote Linux OS distribution, by command line? Well quite simply, it is done with SSH Keys which you generate so that the connection can be established. These keys are then used as a form of password and where the remote user has these pre-generated keys on their system, SSH shares them and if allowed, serves the connection.

    Generating Your Keys

    From command line on the machine you are connecting from, do the following:

    ssh-keygen - Leave as default values

    This creates files inside your home directories .ssh folder. This is a hidden folder that you usually don't need access to. To see what's inside, do ls .ssh from your home path.

    Now, do the following, from your home path:

    cat .ssh/id_rsa.pub

    This is your public password. Share this with unlimited amounts of remote servers and while you are using this account, you will have access.

    Sharing Your Keys

    On a mundane level, you can provide the key you generated via any method you like, only your machine and account will be able to use it.

    Now, take the output of cat .ssh/id_rsa.pub, and do echo "key-here" >> .ssh/authorized_keys and voila, the magic is done. You can now do ssh user@example.com, password-free.

    So that's one way of achieving passwordless login via SSH, although there is an easier way. Do:

    ssh-copy-id user@example.com

    This will auto-install the keys for you, assuming you can connect to the server via SSH using other authentication methods - such as password.

    Removing Keys

    To remove access to a users account, do vi .ssh/authorized_keys and delete the line corresponding to the users account.

    It really is that simple!

    Voila

    Congratulations, you're all set up! Don't forget, while it is perfectly safe to share your id_rsa.pub key, do so with caution. Using it on your website homepage may attract unwanted attention!

    Peace.