Wednesday, July 17, 2013

CentOS 6.2 Minimal Setup - Part 2 - SSH

Now that you have networking enabled on your machine, the first thing to do is lock it down so that no one can access it too easily. I think the best way to do this is to disable root login over SSH and disable password authentication for SSH. I am no Linux expert, but at least doing this stops anyone from brute-forcing a password against your machine or logging in with a hijacked password: to log in at all, they would need the private key.

See http://wiki.centos.org/HowTos/Network/SecuringSSH for a great rundown on everything I am doing here.

Create new user
So first create the user that you will use to login to the machine.


In this case we created a new group, admin, and then a user called carl who was added to that group.

Create public/private keys

Now, logged in as the user you just created, generate a public/private key pair. Then put the public key in that user's authorized_keys file, and copy the private key (id_rsa) to your local machine to use later on.

ssh-keygen -t rsa
chmod 700 .ssh
chmod 600 .ssh/id_rsa
cat .ssh/id_rsa.pub >> .ssh/authorized_keys
chmod 600 .ssh/authorized_keys

Test Key
If you are using Windows you can use PuTTY to test connecting to the server.

First convert the private key from the previous step to PuTTY's format using PuTTYgen.

Then create a connection to your server, specifying the user you created and the PuTTY-format private key.

When specifying the connection you will need to supply:
- Session > Host Name (or IP address): the IP address or host name of your machine
- Connection > Data > Auto-login username: the username you created previously (in this example, carl)
- Connection > SSH > Auth > Private key file for authentication: the path to the PuTTY-format private key

If you can connect, everything is okay and you can continue with the next step to lock down SSH.

Modify SSH Config

Edit /etc/ssh/sshd_config and make the following changes.

PermitRootLogin no
AllowUsers carl
Port 2022
PasswordAuthentication no


Now only the user carl should be able to SSH into the machine (on port 2022), and authentication is done with that user's private key rather than a password.
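To apply the four sshd_config changes above without hand-editing, here is an added shell example (not from the original post) that rewrites active or commented-out defaults in place, appends directives that are missing, and reads back the values sshd will actually use. It assumes POSIX sh with GNU sed and uses the post's own values, carl and 2022, as defaults.

```shell
#!/bin/sh
# Added example, not from the original post: apply the post's four
# sshd_config changes to a file and read back the effective values.
# Assumes POSIX sh with GNU sed; "carl" and 2022 are the post's values.

# set_directive FILE KEY VALUE
# Rewrite every "KEY ..." line, whether active or a commented-out
# default such as "#Port 22", as "KEY VALUE"; append when KEY is absent.
# Rewriting in place (rather than appending) keeps the directive out of
# any Match block that may sit at the end of the file.
set_directive() {
    file=$1; key=$2; value=$3
    if grep -Eq "^[[:space:]]*#?[[:space:]]*${key}([[:space:]]|\$)" "$file"; then
        tmp=$(mktemp)
        sed -E "s|^[[:space:]]*#?[[:space:]]*${key}([[:space:]].*)?\$|${key} ${value}|" \
            "$file" > "$tmp" && mv "$tmp" "$file"
    else
        printf '%s %s\n' "$key" "$value" >> "$file"
    fi
}

# harden_sshd_config FILE [USER] [PORT]: the four changes from the post.
harden_sshd_config() {
    file=$1; user=${2:-carl}; port=${3:-2022}
    set_directive "$file" PermitRootLogin no
    set_directive "$file" AllowUsers "$user"
    set_directive "$file" Port "$port"
    set_directive "$file" PasswordAuthentication no
}

# effective_value FILE KEY: the value sshd will use. sshd takes the
# first active occurrence of a keyword, so that is what we report.
effective_value() {
    grep -Ei "^[[:space:]]*$2[[:space:]]+" "$1" | head -n 1 | awk '{print $2}'
}

# Demo on a constructed CentOS-6-style sample, not on a live system.
demo=$(mktemp)
printf '%s\n' '#Port 22' '#PermitRootLogin yes' \
    'PasswordAuthentication yes' 'UsePAM yes' > "$demo"
harden_sshd_config "$demo"
cat "$demo"
rm -f "$demo"
```

Check the result with `sshd -t` before restarting sshd, and keep your current session open until a fresh login on port 2022 succeeds. On CentOS 6 the non-default port also needs an iptables rule and, with SELinux enforcing, `semanage port -a -t ssh_port_t -p tcp 2022`.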