Step 1: Update the repositories and install SSH
- admin@prodserver01:/# apt-get update
- admin@prodserver01:/# apt-get upgrade
- admin@prodserver01:/# apt-get install openssh-server
SSH is now installed. The next step is to configure it.
Step 2: Part 1 – Basic configuration required to start working with SSH:
Let's edit the sshd config file with the following command:
Let's define the SSH port. For example, I am going to use port 222, so I must update the SSH port in sshd_config.
Let's define the maximum number of login attempts on my SSH port. I am going to restrict a user after 3 wrong login attempts: the user's SSH session should be terminated once the set limit of tries is reached. This is very important for the security of your server and helps prevent brute-force attacks. Update the sshd_config file:
Let's restrict which users can connect to my SSH port. I am going to allow only certain users to log in to my server and deny all other users. I will allow only wasadmin to connect to the prodserver01 Unix server. Add the following line at the end of the file, and then save /etc/ssh/sshd_config.
Let's restart the SSH service with the following command:
Step 3: Part 2 – Advanced configuration to make the SSH connection secure and easy
I am going to configure SSH key-based authentication on my server.
In my view, key-based authentication is a better way to protect our servers from unauthorized access. Unfortunately, it is not the most convenient approach, because I have to bring the key with me.
Step 1: Create the .ssh folder and change its permissions:
Step 3 – Generate keys. If you enter a passphrase at the 'Enter passphrase' prompt, you must remember it and use it in the following steps:
admin@prodserver01:/# ssh-keygen -t rsa
(Just keep pressing Enter if you do not want to use a passphrase.)
- id_rsa.pub --> This is your public key. With this key installed on other servers (prodserver02, prodserver03, etc.), you can connect to those servers from your current host (prodserver01).
- id_rsa --> This is your private key.
Note :
They're a key pair: id_rsa is your private key -- it should be kept secret, so that only you can use it; and id_rsa.pub is your public key -- you give it out so that others can verify that a given signature came from your private key. Your private key is used to sign things, and your public key is used to verify your signature.
In terms of authorized_keys and ssh, they're used like this:
1. Whoever owns the box appends the contents of your public key (id_rsa.pub) to ~/.ssh/authorized_keys. This tells ssh, "if you get a request that is signed by the private key corresponding to this public key, let that request log in without a password".
2. You then initiate an ssh connection to that machine as the user whose authorized_keys contains your public key. You won't be prompted for a password, because your request will be automatically signed using your private key. ssh uses your public key to verify that the signature is valid, and allows you to log in.
Step 4 – Append the public key you just generated to the authorized_keys file that we created above.
Step 5 – Edit the ssh server config file with vi /etc/ssh/sshd_config to make sure that public key authentication is enabled (it should be enabled by default):
Step 6 – These entries must be set to YES.
PubkeyAuthentication yes
Step 7 – The following settings should be set to NO:
PasswordAuthentication no
UsePAM no
Step 9 – Restart the SSH service with the following command:
Step 10 – Now we need to get the contents of the private key.
Step 11 – Paste it into Notepad and save it without an extension.
Step 12 – When you connect to your server, you must browse to your 'id_rsa.ppk' file in PuTTY.
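
The sshd_config values chosen in Step 2 and in Steps 5 to 7 can be checked before the service is restarted. The shell script below is an added example, not part of the original tutorial: it reports any keyword whose effective value differs from the one this page sets. The page does not name the directive for the login-attempt limit, so MaxAuthTries is assumed; the function names and the sample file are constructed for illustration.

```shell
# Print the effective global value of KEYWORD in FILE (usage: effective_value FILE KEYWORD).
# sshd keeps the FIRST occurrence of a keyword, so a line appended at the end
# of the file is ignored when an earlier uncommented line already sets it.
# Assumption: keyword and value are separated by whitespace, one pair per line.
effective_value() {
    awk -v key="$(printf '%s' "$2" | tr '[:upper:]' '[:lower:]')" '
        $1 ~ /^#/               { next }   # commented-out line
        tolower($1) == "match"  { exit }   # conditional blocks are not global
        tolower($1) == key      { $1 = ""; sub(/^[ \t]+/, ""); print; exit }
    ' "$1"
}

# Compare one keyword with the expected value; report and return 1 on mismatch.
check_setting() {
    actual=$(effective_value "$1" "$2")
    [ "$actual" = "$3" ] && return 0
    echo "FAIL $2: want '$3', effective '${actual:-unset, sshd default applies}'"
    return 1
}

# Run all checks; the return status is the number of failed checks.
audit_sshd_config() {
    fails=0
    check_setting "$1" Port 222                  || fails=$((fails + 1))
    check_setting "$1" MaxAuthTries 3            || fails=$((fails + 1))  # keyword assumed
    check_setting "$1" AllowUsers wasadmin       || fails=$((fails + 1))
    check_setting "$1" PubkeyAuthentication yes  || fails=$((fails + 1))
    check_setting "$1" PasswordAuthentication no || fails=$((fails + 1))
    check_setting "$1" UsePAM no                 || fails=$((fails + 1))
    return "$fails"
}

# Constructed sample: "UsePAM no" was appended after an earlier "UsePAM yes",
# and MaxAuthTries is still commented out, so two checks fail.
write_sample_config() {
    cat > "$1" <<'EOF'
Port 222
#MaxAuthTries 6
UsePAM yes
PubkeyAuthentication yes
PasswordAuthentication no
AllowUsers wasadmin
UsePAM no
EOF
}

sample=$(mktemp)
write_sample_config "$sample"
audit_sshd_config "$sample" || echo "$? check(s) failed"
rm -f "$sample"
```

On a live server, `sshd -t` validates the file's syntax and `sshd -T` prints the effective configuration.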