
Securing SSH on your Linux Dedicated Server - Web Africa Support KnowledgeBase


Secure SSH using Public Key Authentication

Public key authentication is a more secure way of authenticating to your server over SSH than a password. If all password-based authentication methods are disabled, it can prevent brute-force SSH attacks.

Generating a key

First we need to generate a key that will be used to access your server. In a Linux environment this utility is normally built in; Windows users can download this tool for generating keys.

In Linux you can run the following commands from your bash prompt.
client$ mkdir -p ~/.ssh
client$ chmod 700 ~/.ssh
client$ ssh-keygen -q -f ~/.ssh/id_rsa -t rsa
Enter passphrase (empty for no passphrase):

Do not use your account password, nor an empty passphrase. The passphrase should also be at least 8 characters long.

Distributing a key

The public portion of the RSA key pair must be copied to your server and appended to ~/.ssh/authorized_keys to enable access. If you are running Linux, the public key information to be copied should be located in the ~/.ssh/id_rsa.pub file on your PC.

To copy the public key to your server run:
client$ scp ~/.ssh/id_rsa.pub username@server.example.org:

server$ mkdir -p ~/.ssh
server$ chmod 700 ~/.ssh
server$ cat ~/id_rsa.pub >> ~/.ssh/authorized_keys
server$ chmod 600 ~/.ssh/authorized_keys
server$ rm ~/id_rsa.pub


Disabling Password Authentication

Once you have loaded your key onto the server and have tested that you are able to log in using the key, you can edit the SSH configuration on the server to disable standard password authentication.

As root, edit the file /etc/ssh/sshd_config on your server.

Ensure the following lines exist, editing them as follows:
RSAAuthentication yes
PubkeyAuthentication yes
AuthorizedKeysFile .ssh/authorized_keys

PasswordAuthentication no

ChallengeResponseAuthentication no

UsePAM no


Save the file and restart sshd:
/etc/init.d/sshd restart


Your server is now secure from brute-force SSH attacks.
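
An added example, not part of the original article: sshd uses the first value it finds for each keyword, so appending the lines above to a file that already contains "PasswordAuthentication yes" leaves passwords enabled. The shell functions below (hypothetical names effective_value and audit_sshd_config) check the global section of a config file for the three authentication settings; the defaults passed in are assumed OpenSSH defaults and the sample config is constructed.

```shell
# effective_value FILE KEYWORD DEFAULT
# Print the value sshd would apply for KEYWORD in the global section of FILE:
# keywords are case-insensitive, the FIRST occurrence wins, and a missing
# keyword falls back to DEFAULT (the caller's assumed OpenSSH default).
effective_value() {
    awk -v key="$2" -v def="$3" '
        BEGIN { key = tolower(key); val = def }
        /^[ \t]*#/ { next }                    # comment line
        { sub(/[ \t]*=[ \t]*/, " ") }          # accept "Keyword=value" too
        tolower($1) == "match" { exit }        # Match blocks are out of scope
        tolower($1) == key { val = tolower($2); exit }
        END { print val }
    ' "$1"
}

# audit_sshd_config FILE
# Return 0 only if public key auth is on and both password-based methods
# named in the article are off; print one FAIL line per wrong setting.
audit_sshd_config() {
    cfg=$1; rc=0
    # Each entry is keyword:assumed-default:wanted-value
    for spec in PubkeyAuthentication:yes:yes \
                PasswordAuthentication:yes:no \
                ChallengeResponseAuthentication:yes:no; do
        key=${spec%%:*}; rest=${spec#*:}
        def=${rest%%:*}; want=${rest#*:}
        got=$(effective_value "$cfg" "$key" "$def")
        if [ "$got" != "$want" ]; then
            echo "FAIL: $key is effectively '$got', expected '$want'"
            rc=1
        fi
    done
    return $rc
}

# Constructed sample: the article's lines were appended to a file that
# already enabled passwords further up, so the earlier line still wins.
sample=$(mktemp)
cat > "$sample" <<'EOF'
PasswordAuthentication yes
PubkeyAuthentication yes
AuthorizedKeysFile .ssh/authorized_keys
passwordauthentication no
ChallengeResponseAuthentication no
UsePAM no
EOF
audit_sshd_config "$sample" || echo "password logins are still possible"
rm -f "$sample"
```

On the server, point audit_sshd_config at /etc/ssh/sshd_config before restarting sshd; running sshd -t as root additionally checks the file for syntax errors.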





Additional Info
General
Article Number: 121
Views: 1500
Created By: Ryan Peel
Date Created: 23/06/2006
Last reviewed by: Ryan Peel
Last updated: 23/06/2006


Comments
Christiaan
Posted on 7/26/2006 12:35:06 PM

You will have to convert the private key from OpenSSH format to PuTTY format if using PuTTY or WinSCP.

You can use PuTTYgen to convert it for you.


