SSH logins are susceptible to brute force attacks. A thousand things can go wrong which could give someone unauthorized access to your server. The best way to secure your SSH login is to use Public/Private PEM keys. This is default login type for Amazon EC2 servers. Unfortunately Amazon’s interface only created a single account. This tutorial will show you how to setup additional PEM keys for other users.
Once you’ve logged into your server, do the following:
Step 1: New Account setup
Here we will create the new account, and add them to the sudoers group.
sudo adduser user1
sudo su
passwd user1
visudo
Optional: Add the user to Sudoers
visudo
#add this to the last line
1 user1 ALL = (ALL) ALL
Step 2: Generate the Public/Private key files
Now we will create the public and private key files for user1
su user1
#Enter the password
cd ~/
ssh-keygen -b 2048 -t rsa -f user1
mkdir .ssh
chmod 700 .ssh
cat user1.pub >> .ssh/authorized_keys
chmod 600 .ssh/authorized_keys
chown 600 user1 .ssh
chown user1 .ssh/authorized_keys
Step 3: Download your private key
If you key is not in .pem format you can change it via below command
openssl rsa -in user1 -outform PEM -out user1.pem
You will now have to download, or copy the contents of your private pem file.
If you are going to copy the contents of the file to a key file on your local system, just copy and paste the data into a new file.
Before using your key, make sure to change the permissions to 600.
chmod 600 user1.pem
Step 4: Test your SSH Login
Now let’s test our password-less login to make sure the private pem files are working.
ssh -i /path/to/file/user1.pem user1@server1.exampledomain.com
That should do it! Hope you find this tutorial workable.
Once you’ve logged into your server, do the following:
Step 1: New Account setup
Here we will create the new account, and add them to the sudoers group.
sudo adduser user1
sudo su
passwd user1
visudo
Optional: Add the user to Sudoers
visudo
#add this to the last line
1 user1 ALL = (ALL) ALL
Step 2: Generate the Public/Private key files
Now we will create the public and private key files for user1
su user1
#Enter the password
cd ~/
ssh-keygen -b 2048 -t rsa -f user1
mkdir .ssh
chmod 700 .ssh
cat user1.pub >> .ssh/authorized_keys
chmod 600 .ssh/authorized_keys
chown 600 user1 .ssh
chown user1 .ssh/authorized_keys
Step 3: Download your private key
If you key is not in .pem format you can change it via below command
openssl rsa -in user1 -outform PEM -out user1.pem
You will now have to download, or copy the contents of your private pem file.
If you are going to copy the contents of the file to a key file on your local system, just copy and paste the data into a new file.
Before using your key, make sure to change the permissions to 600.
chmod 600 user1.pem
Step 4: Test your SSH Login
Now let’s test our password-less login to make sure the private pem files are working.
ssh -i /path/to/file/user1.pem user1@server1.exampledomain.com
That should do it! Hope you find this tutorial workable.
No comments:
Post a Comment