Safe and Secure SSH Connections
In a modern world where cyber-warfare is commonplace and everyday users are targeted by organised crime, it goes without saying that you are likely to run into problems rather quickly if you don't use every available means of security.
The scope of this article is connecting via SSH keys; however, you should also be doing some other more mundane tasks, like encrypting the connection (preferably with a VPN on your router), using altered ports, and limiting access to SSH users, if you have them.
So what is the safest way to connect to your remote Linux distribution from the command line? Quite simply, it is done with SSH keys, which you generate so that the connection can be established. These keys are then used as a form of password: where the remote user has these pre-generated keys on their system, SSH presents them and, if allowed, the server grants the connection.
Generating Your Keys
From the command line on the machine you are connecting from, do the following:
ssh-keygen
- Leave as default values
This creates files inside the .ssh folder in your home directory. This is a hidden folder that you usually don't need access to. To see what's inside, do ls .ssh from your home path.
Now, do the following, from your home path:
cat .ssh/id_rsa.pub
This is your public key, the public half of your "password". You can share it with any number of remote servers and, while you are using this account, you will have access.
Sharing Your Keys
On a mundane level, you can provide the key you generated via any method you like; only your machine and account will be able to use it.
Now, take the output of cat .ssh/id_rsa.pub and, on the remote server, do echo "key-here" >> .ssh/authorized_keys and voila, the magic is done. You can now do ssh user@example.com, password-free.
So that's one way of achieving passwordless login via SSH, although there is an easier way. Do:
ssh-copy-id user@example.com
This will auto-install the keys for you, assuming you can connect to the server via SSH using another authentication method, such as a password.
Removing Keys
To remove access to a user's account, do vi .ssh/authorized_keys and delete the line corresponding to the user's account.
It really is that simple!
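The manual steps above (appending with echo, deleting a line in vi) can be scripted so that a key is never added twice and is removed by its key data rather than by eye. This is an added example, not part of the original article; the function names and the AUTH_KEYS variable are assumptions made for illustration.

```shell
#!/bin/sh
# Added example, not from the original article. AUTH_KEYS is an assumed
# override so the functions can be tried on a scratch file first.
AUTH_KEYS="${AUTH_KEYS:-$HOME/.ssh/authorized_keys}"

# Print the base64 key blob of a public key line. Options such as "no-pty"
# may precede the key type, so find the type field and take the next one.
key_blob() {
    printf '%s\n' "$1" | awk '{
        for (i = 1; i < NF; i++)
            if ($i ~ /^(ssh-|ecdsa-|sk-)/) { print $(i + 1); exit }
    }'
}

# Succeed if some line in AUTH_KEYS carries exactly this key blob.
has_key() {
    awk -v b="$1" '{ for (i = 1; i <= NF; i++) if ($i == b) found = 1 }
                   END { exit (found ? 0 : 1) }' "$AUTH_KEYS"
}

# Authorise a key once, creating the directory and file with the
# conventional strict permissions (700 on .ssh, 600 on authorized_keys).
add_key() {
    blob=$(key_blob "$1")
    [ -n "$blob" ] || { echo "not a public key line" >&2; return 2; }
    dir=$(dirname "$AUTH_KEYS")
    mkdir -p "$dir" && chmod 700 "$dir"
    touch "$AUTH_KEYS" && chmod 600 "$AUTH_KEYS"
    if has_key "$blob"; then return 0; fi   # already authorised, do nothing
    printf '%s\n' "$1" >> "$AUTH_KEYS"
}

# Revoke a key by blob: write the surviving lines to a temp file in the
# same directory, then rename it into place so the file is never half-written.
remove_key() {
    blob=$(key_blob "$1")
    [ -n "$blob" ] || { echo "not a public key line" >&2; return 2; }
    tmp=$(mktemp "$AUTH_KEYS.XXXXXX") || return 1
    awk -v b="$blob" '{ keep = 1
                        for (i = 1; i <= NF; i++) if ($i == b) keep = 0
                        if (keep) print }' "$AUTH_KEYS" > "$tmp"
    chmod 600 "$tmp" && mv "$tmp" "$AUTH_KEYS"
}

# Usage on the remote server (the key text here is a constructed placeholder):
#   add_key    "ssh-rsa AAAA...constructed... user@laptop"
#   remove_key "ssh-rsa AAAA...constructed... user@laptop"
```

Matching on the key blob instead of the trailing comment matters because the comment is free text and can be edited or duplicated, while the blob identifies the key itself.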
Voila
Congratulations, you're all set up! Don't forget, while it is perfectly safe to share your id_rsa.pub key, do so with caution. Using it on your website homepage may attract unwanted attention!
Peace.