Difference between revisions of "SSH"

From Organic Design wiki
(basic ssh usage)
 
m (Disable password-based logins)
(2 intermediate revisions by the same user not shown)
Line 1: Line 1:
== Password-protect you private key ==
 
To add a password to an existing private key, use the following ''openssl'' command:
 
<source lang="bash">
 
openssl rsa -des3 -in your.key -out your.encrypted.key
 
</source>
 
 
 
== Disable password-based logins ==
 
== Disable password-based logins ==
 
If you want to restrict server logins to keys only, you can disable passwords for SSH access in ''/etc/ssh/sshd_config'':
 
If you want to restrict server logins to keys only, you can disable passwords for SSH access in ''/etc/ssh/sshd_config'':
Line 23: Line 17:
 
chmod 644 /home/USER/.ssh/authorized_keys
 
chmod 644 /home/USER/.ssh/authorized_keys
 
</source>
 
</source>
 +
  
 
Restart the SSH server and test that you can login from another terminal window before exiting the current session. You now login as your own user, not the ''root'' user, and then use '''sudo bash''' to gain a ''root'' shell.
 
Restart the SSH server and test that you can login from another terminal window before exiting the current session. You now login as your own user, not the ''root'' user, and then use '''sudo bash''' to gain a ''root'' shell.
 
<source lang="bash">
 
<source lang="bash">
 
service ssh restart
 
service ssh restart
 +
</source>
 +
 +
== Password-protect an existing private key ==
 +
To add a password to an existing private key, use the following ''openssl'' command:
 +
<source lang="bash">
 +
openssl rsa -des3 -in your.key -out your.encrypted.key
 
</source>
 
</source>
  
 
== See also ==
 
== See also ==
 +
*[[Configure SSH]]
 
*[[SSL]]
 
*[[SSL]]
 
*[[Security]]
 
*[[Security]]
 
*[[Install a new server]]
 
*[[Install a new server]]
 
*[https://martin.kleppmann.com/2013/05/24/improving-security-of-ssh-private-keys.html RSA encrypted key details]
 
*[https://martin.kleppmann.com/2013/05/24/improving-security-of-ssh-private-keys.html RSA encrypted key details]
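Review bot: the re-added command in the moved "Password-protect an existing private key" section, openssl rsa -des3 -in your.key -out your.encrypted.key, still encrypts the key with 3DES and writes the result to a second file. I would switch the cipher option to -aes256, which openssl rsa also accepts. The section should also add a sentence saying that the unencrypted your.key remains on disk and has to be removed or replaced once the encrypted copy has been tested.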

Revision as of 19:30, 14 December 2017

Disable password-based logins

If you want to restrict server logins to keys only, you can disable passwords for SSH access in /etc/ssh/sshd_config:

AllowUsers fred bob sam
PermitRootLogin no
RSAAuthentication yes
PubkeyAuthentication yes
PasswordAuthentication no


And don't forget to add your public RSA key to ~/.ssh/authorized_keys. Note that you'll probably need to create the directory since the account has just been created, and that the owner and mode are important.

mkdir /home/USER/.ssh
echo "RSA_KEY" > /home/USER/.ssh/authorized_keys
chown USER:USER -R /home/USER/.ssh
chmod 644 /home/USER/.ssh/authorized_keys


Restart the SSH server and test that you can log in from another terminal window before exiting the current session. You now log in as your own user, not the root user, and then use sudo bash to gain a root shell.

service ssh restart
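
A check to run before restarting, added here as an example and not part of the wiki page: it confirms that the settings above are the ones sshd will actually use and that authorized_keys has an acceptable owner and mode. The function names are hypothetical; it reads only the global section of sshd_config (it stops at the first Match line) and assumes OpenSSH's defaults where a keyword is absent.

```shell
#!/bin/sh
# Added example (not from the wiki page). Function names are hypothetical.
# sshd uses the FIRST value it reads for a keyword, and keywords are case-insensitive.
# Simplification: only the global section is read; parsing stops at the first "Match".
# Commented-out lines never match because their first field starts with "#".

# effective_value FILE KEYWORD DEFAULT: print the value sshd would use for KEYWORD
effective_value() {
    awk -v key="$2" -v def="$3" '
        tolower($1) == "match"      { exit }
        tolower($1) == tolower(key) { print $2; found = 1; exit }
        END { if (!found) print def }' "$1"
}

# audit_sshd_config FILE: return 0 only if the key-only settings from the page are in effect
audit_sshd_config() {
    rc=0
    [ "$(effective_value "$1" PasswordAuthentication yes)" = no ] ||
        { echo "FAIL: PasswordAuthentication is not 'no'"; rc=1; }
    [ "$(effective_value "$1" PubkeyAuthentication yes)" = yes ] ||
        { echo "FAIL: PubkeyAuthentication is not 'yes'"; rc=1; }
    [ "$(effective_value "$1" PermitRootLogin prohibit-password)" = no ] ||
        { echo "FAIL: PermitRootLogin is not 'no'"; rc=1; }
    [ -n "$(effective_value "$1" AllowUsers "")" ] ||
        echo "WARN: no AllowUsers line, logins are not limited to named accounts"
    return "$rc"
}

# check_key_file PATH USER: return 0 if PATH is owned by USER or root and is not
# writable by group or others (what sshd requires when StrictModes is on)
check_key_file() {
    [ -e "$1" ] || { echo "FAIL: $1 does not exist"; return 2; }
    perms=$(ls -ld "$1" | awk '{print $1}')
    owner=$(ls -ld "$1" | awk '{print $3}')
    case "$perms" in
        ?????w*|????????w*) echo "FAIL: $1 is group/world writable ($perms)"; return 1 ;;
    esac
    [ "$owner" = "$2" ] || [ "$owner" = root ] ||
        { echo "FAIL: $1 is owned by $owner, expected $2"; return 1; }
}

# Usage on a server (paths as on the page; USER is a placeholder):
#   audit_sshd_config /etc/ssh/sshd_config && \
#       check_key_file /home/USER/.ssh/authorized_keys USER
```

On a live host, sshd -T prints the effective configuration including Match handling, which this sketch does not cover.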

Password-protect an existing private key

To add a password to an existing private key, use the following openssl command:

openssl rsa -des3 -in your.key -out your.encrypted.key

See also