For better security we should use public key authentication on the server.

Here is steps how to do it.

1. Generate SSH key pair on your local computer.

Skip if you already have ssh key pair in your local computer

Output:

Hit ENTER and enter passphrase for your SSH key pair. Full output should be like this:

Now you have SSH key pair on your local computer.

2. Login to your server as root user and create new user.

This step can be skipped if you already have user on your server

Output:

Type YES and continue connecting to your server

Create new user. I will create user ‘igor’

You will be asked about Full name, Room name, phone numbers, etc. After you will be asked about information correctness. Hit ‘y‘ if all is correct.
Sure this steps can be skipped.

I’ve entered full info. So, my output is here. Your output should be like this:

You just have created new user in your server

3. Add Root Privileges for your new user

This step can be skipped if you already added root privileges for your user

Now your user able to run commands with sudo

4. Add Public Key Authentication for your server

There 2 ways how to do it. One using just one command. Second one is manually.

Method 1. Using ssh-copy-id

Just run next command on your local computer

In my case command is:

ssh-copy-id will do all for you. You just need enter password for your server’s user.
Full output should be like this:

Method 2. Manually

Add your PUBLIC key into~/.ssh/authorized_keys file on your server. First you need go to your local computer and copy this key into clipboard.
I’ve showed my key into output and copy it from there.

My output with SSH public key here. Your should be like this.

Copy it into clipboard.

Login to your server as root and temporary switch to your user.
I’m switching to my user ‘igor’

Create ~/.ssh dir on your server if you don’t have it and change access rights for it

Create ~/.ssh/authorized_keys file on your server if you don’t have it. Edit this file.

Paste your PUBLIC ssh key into ~/.ssh/authorized_keys and save file.
To do it in nano you need hit Command+X for Mac OS or CTRL-X for Windows after hit Y and ENTER

5. Disable Password Authentication (Recommended)

Now your new user can use SSH keys to log in.
To make more better security you need disable password-only authentication.
After this your server will have public key authentication only.

Edit SSH daemon configuration using nano. It can be done using root or user with sudo rights.

command for root:

command for user with root rights

Find  PasswordAuthentication, uncomment it by deleting the #, then change its value to “no“. After it line should looks like this:

Also ensure that you have

Save file by hitting Command+X for Mac OS or CTRL-X for Windows after hit Y and ENTER

Restart SSH Daemon

Command for root:

Or for user with sudo rights

That’s all your server is done. Let’s try how it works.

Try to connect to your server using SSH.

In my case will be next:

Then you should see next output:

Enter passphrase from YOUR COMPUTER‘s ssh key.
If all is ok you will get access into your server. Like this:

Happy coding everyone!

Share my post if you like it.


0 Comments

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.