How to force key based access via ssh and disable password based login…
Note: before we make these changes, we need to finish setting up key-based authentication first.
Download and install Git Bash on the Windows machine
(https://github.com/git-for-windows/git/releases/download/v2.9.0.windows.1/Git-2.9.0-64-bit.exe)
Open Git Bash and type
$ ssh -v durga@172.16.8.27 -p 22
It will connect to the remote server through default port 22 where password authentication is enabled.
We need to make changes to disable password login for root and to enable users to log in using key-based authentication.
Now generate keys on the server
$ ssh-keygen -t rsa
You can set a passphrase; use one other than the machine's login password.
The keys will be generated in the .ssh folder.
Set the permissions
$ chmod 700 ~/.ssh
Now create the authorized_keys file inside the .ssh folder
$ touch ~/.ssh/authorized_keys
$ chmod 600 ~/.ssh/authorized_keys
Now we need to add the public key to the authorized_keys file.
Generate keys in the Windows Git Bash session
$ ssh-keygen -t rsa
Follow the prompts and set a passphrase other than the machine login password.
The keys will be generated in the .ssh folder inside the user folder.
Find the id_rsa.pub file; we need to copy it to the server.
$ scp -rp .ssh/id_rsa.pub durga@172.16.8.27:~/.ssh/authorized_keys
If it does not copy to this folder directly due to a permission issue, we can try this instead
$ scp -rp .ssh/id_rsa.pub durga@172.16.8.27:/tmp/id_rsa.pub
Then log in to the remote server
$ ssh -v durga@172.16.8.27 -p 2200
$ cp /tmp/id_rsa.pub ~/.ssh/authorized_keys
Now restart the ssh service
$ sudo service ssh restart
Now we need to disable PasswordAuthentication and enable PubkeyAuthentication.
$ sudo nano /etc/ssh/sshd_config
PasswordAuthentication no
To disable PasswordAuthentication and enable PubkeyAuthentication …
Let’s first start with changing the default port of ssh from 22 to 2200.
To change the default ssh port in Ubuntu
$ sudo nano /etc/ssh/sshd_config
Find the line Port 22 and change it to 2200 or any other port you want.
Then restart the ssh service to apply the changes
$ sudo service ssh restart
Now you will be able to log in using port 2200.
How to stop Password Authentication?
$ sudo nano /etc/ssh/sshd_config
Find this line (the comment above it in the file reads: Change to no to disable tunnelled clear text passwords)
#PasswordAuthentication yes
Remove the leading # to uncomment it and change yes to no
PasswordAuthentication no
Restart the ssh service; it won't allow root or any other user to log in using a password.
Neither the root user nor the durga user can log in through ssh without public key authentication. Key-based login is now configured only for the user durga, and it’s most secure.
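
The PasswordAuthentication edit above fails silently if the leading # is left in place or if an earlier active line sets the value first. The following check is an added example, not part of the original post: the function names and the three sample configs are constructed for illustration, and it assumes the global section of a single file (Include files and Match blocks are not followed).

```shell
#!/bin/sh
# Added example (not from the original page). sshd_config rules relied on:
#  - lines starting with '#' are comments and have no effect
#  - keywords are case-insensitive
#  - for yes/no keywords like these, the FIRST value read wins
# Simplification (assumption): Include files are not followed and parsing
# stops at the first Match block, so only the global section is judged.

# effective_value FILE KEYWORD DEFAULT -> prints the value sshd would use
effective_value() {
    awk -v key="$2" -v def="$3" '
        NF == 0 || $1 ~ /^#/        { next }               # blank or comment
        tolower($1) == "match"      { exit }               # end of global section
        tolower($1) == tolower(key) { val = $2; found = 1; exit }
        END { print (found ? val : def) }
    ' "$1"
}

# key_login_only FILE -> exit status 0 only when passwords are off, keys on.
# The "yes" defaults are OpenSSH's documented defaults for both keywords.
key_login_only() {
    [ "$(effective_value "$1" PasswordAuthentication yes)" = "no" ] &&
    [ "$(effective_value "$1" PubkeyAuthentication yes)" = "yes" ]
}

# write_samples DIR -> three constructed configs (not real server files)
write_samples() {
    # 1: value edited, but the leading '#' was never removed
    printf '%s\n' 'Port 2200' '#PasswordAuthentication no' > "$1/still_commented"
    # 2: "no" appended at the end, but an earlier active "yes" is read first
    printf '%s\n' 'PasswordAuthentication yes' 'Port 2200' \
        'PasswordAuthentication no' > "$1/shadowed"
    # 3: the state the steps above aim for
    printf '%s\n' 'Port 2200' 'passwordauthentication no' \
        'PubkeyAuthentication yes' > "$1/hardened"
}

demo=$(mktemp -d)
write_samples "$demo"
for f in still_commented shadowed hardened; do
    if key_login_only "$demo/$f"; then state="key-only"; else state="passwords accepted"; fi
    echo "$f: $state"
done
rm -rf "$demo"
```

On a real server, `sudo sshd -t` checks the file for syntax errors before the restart, and `sudo sshd -T` prints the effective settings, including any files pulled in by an Include line.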