SSH
Generate Key
run:
ssh-keygen
secure algorithm:
ssh-keygen -t ed25519 -C "your_email@example.com"
change passphrase:
ssh-keygen -p -f ~/.ssh/id_ed25519
SSH Config
vim ~/.ssh/config
Host shortname
HostName 100.100.100.100
User ubuntu
IdentityFile ~/.ssh/private-key-filename.key
SSH Agent
save you time with passphrase automation.
check if your ssh agent is running:
eval "$(ssh-agent -s)"
add ssh key:
ssh-add ~/.ssh/id_ed25519
or set timeout period
ssh-add -t 8h ~/.ssh/id_ed25519
check loaded keys:
ssh-add -l
Host SSH
Install SSH Server
sudo apt install ssh-server
systemctl enable ssh
Setup Key Access
scp ~/.ssh/public-key.pub user@100.100.100.100:~
mkdir .ssh/
touch ~/.ssh/authorized_keys
chmod 600 ~/.ssh/authorized_keys
chmod 700 ~/.ssh
Harden your sshd config
(optional: backup your config)
sudo cp /etc/ssh/sshd_config /etc/ssh/sshd_config.bak
Search for the line that contains PasswordAuthentication and change it from yes to no and uncomment the line by removing the beginning #
you can edit sshd_config with your favorite text editor:
{% code fullWidth="false" %}
sudo vim /etc/ssh/sshd_config
{% endcode %}
or
you can automate the process by using the sed command:
sudo sed -i 's/^#?PasswordAuthentication .*/PasswordAuthentication yes/' /etc/ssh/sshd_config
then restart ssh demon with
sudo systemctl restart sshd