Secure Linux Login Connection
Introduction
SSH offers two methods of authentication: password and key pair authentication.
- Password Authentication: While simple passwords are easily remembered, they are also easily compromised through brute force attacks. On the other hand, complex passwords, though safer, are challenging to remember.
- Key Pair Authentication: This method involves a combination of a public key and a private key. The public key is placed on the device that one wishes to access, while the private key is stored on the user's local machine. Only the holder of the private key can access the device, making this method secure and convenient.
Generating a Key Pair with ssh-keygen
The ssh-keygen command can be used to generate a key pair. Here is how to use it:
ssh-keygenFor a stronger key pair, use:
ssh-keygen -t rsa -b 4096 -C $commentNote: When prompted, hit Enter for each prompt.
Uploading the Public Key to the Remote Host
There are two ways to upload the public key: manually and automatically.
Automatic Upload
To automatically upload the public key, run:
ssh-copy-id user@remoteHostOr specify the public key and port:
ssh-copy-id -i ~/.ssh/id_rsa.pub user@remoteHostManual Upload
To manually upload the public key, copy the public key content:
ssh user@remoteHost 'mkdir -p .ssh && cat >> .ssh/authorized_keys' < ~/.ssh/id_rsa.pubNext, set the correct permissions on the remote host:
chmod 700 ~/.ssh
chmod 600 ~/.ssh/authorized_keysAfter creating the authorized_keys file and pasting the public key contents into it, we can log in without a password:
ssh user@remoteHostManaging Sessions via SSH Profiles
SSH profiles are an elegant and efficient way to manage multiple remote logins. You can create several remote hosts on the SSH profiles as shown:
cat >> ~/.ssh/config << EOF
Host HOST01
HostName 123.123.123.33
Port 22
User user01
IdentityFile "~/.ssh/id_rsa"
IdentitiesOnly yes
Host HOST02
HostName 10.110.254.99
Port 2222
User user02
IdentityFile "~/.ssh/id_ecdsa"
IdentitiesOnly yes
EOFEnsure that you set the correct permissions on the SSH profiles:
chmod 600 ~/.ssh/configAfter setting up the SSH profiles, you can log in by simply entering the alias name:
ssh HOST01Disabling Password Login
For security reasons, it is recommended to disable password login:
sudo sed -i "s@.*\(PasswordAuthentication \).*@\1no@" /etc/ssh/sshd_config
sudo service sshd restartOne-Key Configuration on SSH
Setting up a new remote host key login requires several steps such as key pair generation, permissions setting, public key upload, and password disabling.
However, we can upload all the public keys to Github SSH keys, and then deploy the public key with one command on the new remote host:
curl -fsSL https://github.com/$githubUser.keys >> ~/.ssh/authorized_keysAlso, disable the password and restart the SSH daemon:
sudo sed -i "s@.*\(PasswordAuthentication \).*@\1no@" /etc/ssh/sshd_config
sudo service sshd restartAdditionally, we can simplify the process using P3TERX's SSH Key Installer:
bash <(curl -fsSL git.io/key.sh) -g $githubUser -d| Option | Description |
|---|---|
| -o | Enables overwrite mode. Must be written at the top to take effect. |
| -g | Retrieves the public key from GitHub. The parameter is the GitHub username. |
| -u | Retrieves the public key from a URL. The parameter is the URL. |
| -f | Obtains the public key from a local file. The parameter is the path of the local file. |
| -p | Modifies the SSH port. The parameter is the port number. |
| -d | Disables password login. |
Deploying the Public Key
Here are some ways of getting the public key:
i. Get the public key from Github:
bash <(curl -fsSL git.io/key.sh) -g $githubUserii. Get the public key from a URL:
bash <(curl -fsSL git.io/key.sh) -u https://keyaddress.com/id_rsa.pubiii. Overwrite mode will completely replace the previous key on /.ssh/authorized_keys:
bash <(curl -fsSL git.io/key.sh) -o -g $githubUseriv. Disable password login:
bash <(bash <(curl -fsSL git.io/key.sh) -dv. Modify the SSH port:
bash <(curl -fsSL git.io/key.sh) -p 2222Conclusion
Whether manually or automatically, managing SSH keys involves creating a secure key pair, uploading the public key to the intended device, and managing sessions using SSH profiles. For increased security, it is advisable to disable password logins. Various tools such as P3TERX's SSH Key Installer can simplify these processes.
Great post. I was checking constantly this blog and I am impressed! Extremely helpful info specially the last part :) I care for such information a lot. I was seeking this certain information for a very long time. Thank you and best of luck.
casino en ligne
I'm gone to say to my little brother, that he should also go to see this website on regular basis to obtain updated from latest news update.
casino en ligne France
Good day! Would you mind if I share your blog with my twitter group? There's a lot of folks that I think would really appreciate your content. Please let me know. Thanks
site
Hey There. I found your blog using msn. This is a very well written article. I will make sure to bookmark it and return to read more of your useful information. Thanks for the post. I will certainly comeback.
casino en ligne
Appreciate the recommendation. Let me try it out.
web page
It's actually a cool and helpful piece of information. I'm glad that you just shared this useful information with us. Please keep us informed like this. Thank you for sharing.
web page
When someone writes an piece of writing he/she retains the thought of a user in his/her mind that how a user can know it. Thus that's why this piece of writing is perfect. Thanks!
casino en ligne France
These are actually wonderful ideas in regarding blogging. You have touched some fastidious points here. Any way keep up wrinting.
web site
Greetings from California! I'm bored to death at work so I decided to browse your blog on my iphone during lunch break. I really like the information you provide here and can't wait to take a look when I get home. I'm amazed at how quick your blog loaded on my mobile .. I'm not even using WIFI, just 3G .. Anyways, superb blog!
website
Hey very nice blog!
web site
of course like your web site but you have to
check the spelling on quite a few of your posts. Several of them are rife with spelling
issues and I to find it very troublesome to inform the
reality nevertheless I will definitely come again again.
webpage
Hmm it looks like your blog ate my first comment (it was extremely long) so I guess I'll just sum it up what
I had written and say, I'm thoroughly enjoying your blog.
I as well am an aspiring blog blogger but I'm still new to everything.
Do you have any tips and hints for novice blog writers? I'd genuinely appreciate it.
webpage
Wow, incredible weblog structure! How lengthy have you been running a blog for?
you made blogging look easy. The total glance of your web site is
great, let alone the content material!
casino en ligne
Good post. I learn something new and challenging on blogs I stumbleupon everyday.
It's always interesting to read articles from other writers
and practice a little something from their web sites.
meilleur casino en ligne
Nice blog here! Also your site loads up very fast! What web
host are you using? Can I get your affiliate link to
your host? I wish my web site loaded up as fast as yours lol
casino en ligne
Hey would you mind letting me know which hosting company you're utilizing?
I've loaded your blog in 3 different internet browsers and I
must say this blog loads a lot faster then most. Can you suggest a
good hosting provider at a honest price? Thank you, I appreciate
it!
casino en ligne
Tremendous things here. I am very glad to see your article.
Thank you so much and I am taking a look ahead to contact you.
Will you kindly drop me a mail?
web page
Hey there, You've done a great job. I will certainly digg it and
personally suggest to my friends. I am confident they'll be benefited from
this website.
casino en ligne
You need to take part in a contest for one
of the highest quality blogs on the web.
I will highly recommend this web site!
web site
I love what you guys are up too. Such clever work and exposure!
Keep up the great works guys I've added you guys to my personal blogroll.
web site
https://t.me/s/flagman_official_777/98
Inventonslemondedapres : votre partenaire privilégié pour découvrir des casinos en ligne aux interfaces
modernes et fluides.
qlawcp
rkfrje