DEV Community

Cover image for SSH - Configurations
Edwin
Edwin

Posted on

SSH - Configurations

SSH COMMANDS

Generate the ssh-key run the command in your terminal
then either rename your key or type enter to continue with the generic given name which is id_rsa for private key and id_rsa.pub for public key

ssh-keygen -t rsa

Enter fullscreen mode Exit fullscreen mode

add Identity

ssh-add /home/user/.ssh/id_rsa

Enter fullscreen mode Exit fullscreen mode

Add the Identity to Github


cat /home/user/.ssh/id_rsa.pub

Enter fullscreen mode Exit fullscreen mode

If the ssh key is meant for GitHub, go to settings look for ssh keys and gpg keys, and paste the copied keys after running the cat command here. Then you are done. You can now use the key to access your GitHub.

Server Key


If the key was meant to be a server key then ssh into your server using your root password and run the following commands in root.

mkdir /home/user/.ssh

touch /home/user/authorized_keys

sudo nano /home/user/authorized_keys
Enter fullscreen mode Exit fullscreen mode

Run the following command on your local machine:

cat /home/user/.ssh/id_rsa.pub
Enter fullscreen mode Exit fullscreen mode

This will give you the public which you copy and paste into the authorized_keys file after the sudo nano command opens the file.ctr + x, you will be prompted if you want to save the file type 'Y' for yes then enter to save. Now exit the server by typing exit then ssh into the server as shown below:

ssh user@134.565.56.31


Enter fullscreen mode Exit fullscreen mode

Replace the user with your username and the IP address with your IP and it should automatically ssh you into your server without needing the password.

Disable Root Password Login For the Server

Type the following commands in your bash terminal to open the file

sudo nano /etc/ssh/sshd_config

Enter fullscreen mode Exit fullscreen mode

After which navigate to the section similar to as below and change the yes to no.

#LoginGraceTime 2m
PermitRootLogin yes
#StrictModes yes
#MaxAuthTries 6
#MaxAuthSessions 10
Enter fullscreen mode Exit fullscreen mode

After changing the option to no CTR + x a prompt of whether you want to save the new file will appear type 'Y' then enter to save.

Reload the saved file by typing the command below and

sudo systemctl reload sshd

Enter fullscreen mode Exit fullscreen mode

then you are done no one can ssh using the root password to your server. This is mainly to protect against brute force attacks into your server.

Adding an SSH-KEY into your server

You will mainly do this when you want to be able to access other commands like git cloning or pull from Github or GitLab without being prompted for the password each time.
First, confirm that the user created in your server owns the ssh file.run

ls -la
Enter fullscreen mode Exit fullscreen mode

then look for the ssh file

edwin edwin 807 Sep 7 11:09 .profile
2 root root .ssh

As you can see my file is owned by the root, hence if I try to generate any ssh key I will get a permission denied error. I have to change ownership from root to the user I created. I do this by running the commands below in the terminal.

 sudo chown -R edwin:edwin /home/edwin
Enter fullscreen mode Exit fullscreen mode

If you run ls -la again you will notice the ssh file switched ownership from root to your current user. i.e mine is now edwin edwin .ssh

After this is done you can run in the terminal:

ssh-keygen -t rsa

Enter fullscreen mode Exit fullscreen mode

You will get prompted with a file path in case you want to rename the ssh file type if you don't need this, otherwise, type the same path.i.e /home/user/.ssh/id_rsa_github.
Then type enter and enter a passphrase in, this is just for some extra security or you can skip this step by just pressing enter again until you see the weird figure below.
The key's randomart image is:


+---[RSA 3072]----+
| ..+ |
| ..o. |
| OoE+.o |
| o
=B==* |
| =+SBo* |
| o *+oo |
| o + .o |
| . o =. . |
| . +o |
+----[SHA256]-----+


run:

eval `ssh-agent -s`

Enter fullscreen mode Exit fullscreen mode

then:


ssh-add /home/*user*/.ssh/id_rsa_github
Enter fullscreen mode Exit fullscreen mode

This will add the Identity the cat the id_rsa_github.pub or whatever you named your public key by running the command below.

cat /home/*user*/.ssh/id_rsa_github.pub

Enter fullscreen mode Exit fullscreen mode

copy this whatever is inside the file and paste it again to GitHub.
and now you are done.

Top comments (2)

Collapse
 
brandonwallace profile image
brandon_wallace • Edited

Here are some tips my friend.

Here is a better command to run to create the ssh key.

$ ssh-keygen -t rsa -b 4096 -C “brandon@example-email.com” -f ~/.ssh/id_rsa

Then you copy the public key to the server with this one command. It will create the authorized_keys file automatically.

$ ssh-copy-id -i ~/.ssh/id_rsa.pub username@server_ip_address

Chain these commands together like this.

$ eval $(ssh-agent -s); ssh-add /home/$USER/.ssh/id_rsa

Make sure you have sudo access, then lock the root account. It will add more security to your server.

$ sudo passwd -l root

Collapse
 
ibonkonesa profile image
Ibon

You can also create alias to connect your favourites servers. Just edit your ~/.ssh/config adding this config for each server:

Host my-server
HostName ip_to_connect
User user_to_connect

Then you will can access server just typing: ssh my-server