SSH Security Using Key Pairs

Arcy Caparros
3 min read · Jan 28, 2021

Guide on configuring SSH Key-Based Authentication on a Linux Server

The basic SSH authentication on your Linux server is through username and password; however, even complex passwords are susceptible to "brute-force" attacks. Here's a simple guide on configuring SSH key-based authentication.

Typical SSH authentication

Using Putty SSH client for Windows OS.

Configure your Linux server to accept SSH key-based authentication

Edit sshd_config (must have root privilege)

[root@ashvawrkcent ~]# vi /etc/ssh/sshd_config

Set PermitRootLogin to no

PermitRootLogin no

Set PasswordAuthentication to no

PasswordAuthentication no

Set ChallengeResponseAuthentication to no

ChallengeResponseAuthentication no

Save and close the sshd_config file

Restart sshd and check the status for any errors
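The three settings above are easy to get subtly wrong: sshd honours the first uncommented occurrence of a keyword, a leading `#` leaves the default in force, and anything under a `Match` block only applies conditionally. The script below is an added example (not part of the original post) that checks a config file the way sshd would read it before you restart the daemon; the sample config it writes is constructed, and the `sshd -t` / `systemctl` commands in the trailing comment assume a systemd host. Run it only after an `authorized_keys` entry is in place and keep your current session open, since `PasswordAuthentication no` locks out every account that has no key.

```shell
#!/bin/sh
# Added example, not from the original post: check that sshd_config carries the
# three hardening directives described above, following sshd's own parsing rules
# (first uncommented match wins; "Match" blocks are conditional and are skipped).
# Only the "Keyword value" form is handled, not "Keyword=value".

# effective_setting FILE KEYWORD -> prints the value sshd would use, or nothing
effective_setting() {
  awk -v key="$(printf '%s' "$2" | tr 'A-Z' 'a-z')" '
    /^[ \t]*(#|$)/        { next }            # comments and blank lines
    tolower($1) == "match" { exit }           # conditional section: stop here
    tolower($1) == key     { print $2; exit } # first occurrence wins
  ' "$1"
}

# check_hardened FILE -> 0 if all three directives are explicitly set to "no"
check_hardened() {
  cfg="$1"; rc=0
  for pair in PermitRootLogin=no PasswordAuthentication=no ChallengeResponseAuthentication=no; do
    key=${pair%%=*}; want=${pair#*=}
    got=$(effective_setting "$cfg" "$key")
    if [ "$got" = "$want" ]; then
      echo "ok    $key $got"
    else
      # an unset directive falls back to the default, which allows password logins
      echo "FAIL  $key is '${got:-unset}', expected $want"; rc=1
    fi
  done
  return $rc
}

# write_sample_config FILE -> constructed sshd_config for demonstration only
write_sample_config() {
  cat > "$1" <<'EOF'
# constructed sample; the commented line below is ignored by sshd
#PermitRootLogin yes
PermitRootLogin no
PasswordAuthentication no
ChallengeResponseAuthentication no
Match User backup
    PasswordAuthentication yes
EOF
}

cfg=$(mktemp)
write_sample_config "$cfg"
check_hardened "$cfg"
rm -f "$cfg"

# On the real server, validate the syntax, then restart and inspect the status:
#   sshd -t && systemctl restart sshd && systemctl status sshd
```

Point `check_hardened` at `/etc/ssh/sshd_config` on the server; a `FAIL` line names the directive that is still missing or commented out.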

Generate Keys in Linux server

Generate keys by executing "ssh-keygen" and accept the default file location. Create a passphrase to protect your private key. You can use these keys to connect from your Linux server to other Linux systems.

Generate Keys using Putty for Windows client

In your Windows system, open Putty Key Generator. You can download it from https://www.puttygen.com/

Generate keys

In your Linux server, create a file called “authorized_keys”

From your Putty Key Generator, copy the public key

Paste it to the authorized_keys file and save.
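Pasting the key is where most failed key logins start: sshd refuses a `~/.ssh` directory or an `authorized_keys` file that is writable by others, and the `.pub` file PuTTYgen saves to disk is in the multi-line SSH2 format, not the one-line format that belongs in `authorized_keys` (the text box in the PuTTYgen window is the one to copy). The script below is an added example, not part of the original post or of PuTTY; it installs a pasted key line with the right permissions, rejects the wrong format, and skips a key that is already present. The key material and the target directory are constructed for the demo.

```shell
#!/bin/sh
# Added example, not from the original post: install a one-line OpenSSH public
# key (as copied from PuTTYgen's text box, or from ~/.ssh/id_*.pub) into an
# authorized_keys file with the permissions sshd requires.

# looks_like_openssh_pubkey LINE -> 0 if LINE is "<type> <base64> [comment]"
looks_like_openssh_pubkey() {
  printf '%s\n' "$1" | grep -Eq \
    '^(ssh-(rsa|ed25519|dss)|ecdsa-sha2-nistp(256|384|521)) [A-Za-z0-9+/]+=*( .*)?$'
}

# authorized_key_count FILE -> number of key lines (comments and blanks ignored)
authorized_key_count() {
  awk '!/^[ \t]*(#|$)/ { n++ } END { print n + 0 }' "$1"
}

# install_authorized_key LINE SSHDIR -> 0 on success or if already present,
#   2 if LINE is not something sshd would accept
install_authorized_key() {
  line="$1"; sshdir="$2"
  case "$line" in
    "---- BEGIN SSH2"*)
      echo "refusing: SSH2/RFC 4716 format; copy the one-line key from the" \
           "PuTTYgen window, or convert the saved file with: ssh-keygen -i -f key.pub" >&2
      return 2 ;;
  esac
  looks_like_openssh_pubkey "$line" || {
    echo "refusing: not a one-line OpenSSH public key" >&2; return 2; }

  # sshd's StrictModes default rejects group/world-writable paths
  mkdir -p "$sshdir" && chmod 700 "$sshdir"
  ak="$sshdir/authorized_keys"
  touch "$ak" && chmod 600 "$ak"

  # the type and base64 blob identify the key; the trailing comment may differ
  id=$(printf '%s\n' "$line" | awk '{ print $1 " " $2 }')
  if awk '{ print $1 " " $2 }' "$ak" | grep -Fxq "$id"; then
    echo "already present in $ak"; return 0
  fi
  printf '%s\n' "$line" >> "$ak"
  echo "installed into $ak"
}

# Demo against a temporary directory with a constructed (not real) key blob.
demo_dir=$(mktemp -d)
demo_key='ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIConstructedExampleKeyMaterialOnlyNotRealAAAA user@example'
install_authorized_key "$demo_key" "$demo_dir/.ssh"
install_authorized_key "$demo_key" "$demo_dir/.ssh"
rm -rf "$demo_dir"
```

On the server, call `install_authorized_key "<pasted line>" "$HOME/.ssh"` as the user who will log in; the home directory itself must also not be writable by others, which the script does not change.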

Save your public and private keys and create a passphrase

Create another Putty session to connect to your Linux server

Under Category, navigate to Connection -> SSH -> Auth. Look for the "Private key file for authentication" setting and browse to the private key you just saved.

Save the configuration by going back to Category -> Session and clicking Save.

Now you can authenticate in SSH using keys

Conclusion

Secure your SSH connections by using keys.

Here's a peek at SSH "bruteforcer" traffic worldwide. These source IP addresses have been observed attempting to brute-force SSH server credentials globally.

Arcy Caparros

InfoSec, Dad, Jack of All Trades and Master of None