Monday, September 20, 2021

How to force key based access via ssh and disable password based login…

Note: Before making these changes, finish setting up key-based authentication first.

Download and install Git Bash on the Windows machine
(https://github.com/git-for-windows/git/releases/download/v2.9.0.windows.1/Git-2.9.0-64-bit.exe)

Open Git Bash and type:
$ ssh -v durga@172.16.8.27 -p 22
It will connect to the remote server through the default port 22, where password authentication is enabled.

We need to make the changes that disable root login with a password and enable users to log in using key-based authentication.

Now generate keys on the server:
$ ssh-keygen -t rsa

You can set a passphrase on the key; use one other than the machine's login password.

The keys are generated in the .ssh folder.
Set the permissions:
$ chmod 700 ~/.ssh
Now create the authorized_keys file inside the .ssh folder:
$ touch ~/.ssh/authorized_keys

$ chmod 600 ~/.ssh/authorized_keys

Now we need to add the public key to the authorized_keys file.

Generate keys in Git Bash on the Windows machine:
$ ssh-keygen -t rsa
Follow the prompts and set a passphrase other than the machine login password.
The keys are generated in the .ssh folder inside the user folder.
Find the id_rsa.pub file; we need to move this to the server.

$ scp -rp .ssh/id_rsa.pub durga@172.16.8.27:~/.ssh/authorized_keys
If it does not copy to this folder directly due to a permission issue, we can try this instead:
$ scp -rp .ssh/id_rsa.pub durga@172.16.8.27:/tmp/id_rsa.pub
Then log in to the remote server:
$ ssh -v durga@172.16.8.27 -p 2200
$ scp /tmp/id_rsa.pub ~/.ssh/authorized_keys

Now restart the ssh service:

$ sudo service ssh restart

Now we need to disable PasswordAuthentication and enable PubkeyAuthentication:

$ sudo nano /etc/ssh/sshd_config

PasswordAuthentication no

To disable PasswordAuthentication and enable PubkeyAuthentication …

Let’s start by changing the default ssh port from 22 to 2200.

To change the default ssh port in Ubuntu:

$ sudo nano /etc/ssh/sshd_config

Find the line Port 22 and change it to 2200 or another port of your choice.

Then restart the ssh service to apply the changes:

$ sudo service ssh restart

Now you will be able to log in using port 2200.

How to stop password authentication?

$ sudo nano /etc/ssh/sshd_config

Find these lines in the file:
# Change to no to disable tunnelled clear text passwords
#PasswordAuthentication yes

Remove the comment mark and change yes to no:

PasswordAuthentication no

Restart the ssh service; it will no longer allow root or any other user to log in using a password.

Neither the root user nor the durga user can log in through ssh without public key authentication. Only the user durga is now configured to log in using key-based authentication, and it’s most secure.
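
Before restarting the service, it is worth checking which values sshd will really use, because sshd keeps the first value it reads for each keyword. The script below is an added example, not part of the original steps; the function names and the two sample config files are constructed for illustration, and it assumes a single file with no Include files or Match blocks.

```shell
#!/usr/bin/env bash
# sshd uses the FIRST value it reads for a keyword; keywords are
# case-insensitive and lines starting with '#' are comments.
# Assumption: Include files and Match blocks are not evaluated here;
# parsing stops at the first Match line.

effective_value() {  # usage: effective_value FILE KEYWORD DEFAULT
    awk -v want="$2" -v def="$3" '
        BEGIN { want = tolower(want) }
        /^[ \t]*(#|$)/ { next }                  # comment or blank line
        tolower($1) == "match" { exit }          # end of global section
        tolower($1) == want && !found { val = tolower($2); found = 1 }
        END { print (found ? val : def) }
    ' "$1"
}

key_only() {  # succeeds only if passwords are off and public keys are on
    [ "$(effective_value "$1" PasswordAuthentication yes)" = "no" ] &&
    [ "$(effective_value "$1" PubkeyAuthentication yes)" = "yes" ]
}

# Constructed sample 1: edited the way the article describes.
good=$(mktemp)
cat > "$good" <<'EOF'
Port 2200
# Change to no to disable tunnelled clear text passwords
#PasswordAuthentication yes
PasswordAuthentication no
EOF

# Constructed sample 2: "no" was appended, but an earlier "yes" wins.
bad=$(mktemp)
cat > "$bad" <<'EOF'
Port 2200
PasswordAuthentication yes
PubkeyAuthentication yes
PasswordAuthentication no
EOF

for f in "$good" "$bad"; do
    if key_only "$f"; then echo "key-only login enforced"
    else echo "password login still possible"; fi
done
```

On the real server, `sudo sshd -t` checks /etc/ssh/sshd_config for syntax errors and `sudo sshd -T` prints the settings sshd actually resolves; run them before restarting, and keep the current session open until a key-based login works in a second terminal.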


Durga Charan Ojha (https://lifeonnetwork.com/)
I am a proud Indian, proud father, a blogger, Being in a profession as System administrator, my passion is troubleshooting computer issues, I do like sharing solutions through blogging making videos of solving issues.