A strong password is typically composed of upper-case and lower-case letters, numbers, and special characters. You can even create a 20-character password and, in all likelihood, nobody will ever guess it. But do you really want to type in a 20-character password every time you need to access the server? You might, but most people do not. Therefore, in this lab, we will configure SSH key-based authentication, which is far more secure and does not require you to type a password when you log in to the server. Furthermore, when key-based authentication is configured, most people forget to disable password-based authentication altogether. We will not forget to do this. Finally, we will also disable root login as an extra security precaution.
Learning Objectives
Successfully complete this lab by achieving the following learning objectives:
- Generate a Key Pair on the Client for SSH
Note: For this lab, a standalone terminal app with ssh support is best, as the Instant Terminal does not permit port 61613. The instance takes a minute or so to be ready for ssh connections. Please use port 61613 when connecting to this lab.
ssh-keygen
- Copy the Newly Created Key Over to the Server
Open your newly created key (replace <PATH_TO_PUBLIC_KEY> with your path):
vim <PATH_TO_PUBLIC_KEY>
Select all and copy.
Open /home/cloud_user/.ssh/authorized_keys:
vim /home/cloud_user/.ssh/authorized_keys
Paste in the public key.
Save and quit:
ESC :wq ENTER
- Configure SSH to Not Allow Root Login or Password-Based Authentication and to Allow Key-Based Authentication
Open the file:
sudo vim /etc/ssh/sshd_config
Make the following changes:
PermitRootLogin no
PasswordAuthentication no
ChallengeResponseAuthentication no
PubkeyAuthentication yes
Save and quit:
ESC :wq ENTER
Restart the sshd service:
sudo systemctl restart sshd
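To confirm that the file really carries the four settings above, the following script is an added example and not part of the original lab. It relies on sshd keeping the first value it reads for each keyword, so a duplicate line further down does not override an earlier one. The function names and the sample config are hypothetical, and accepting KbdInteractiveAuthentication (the name newer OpenSSH releases use, with ChallengeResponseAuthentication kept as an alias) goes beyond what the lab shows.

```shell
#!/bin/sh
# Added example: audit an sshd_config for the four settings this lab applies.

# Print the first value set for a keyword in the global section of file $1.
# $2 is a "|"-separated list of equivalent keyword names. sshd keeps the first
# value it reads for a keyword and matches keywords case-insensitively, so a
# later duplicate line does not override an earlier one.
first_value() {
    awk -v want="$2" '
        { sub(/^[ \t]+/, ""); sub(/[ \t\r]+$/, "") }
        /^#/ || /^$/ { next }
        {
            split($0, kv, /[ \t=]+/)
            key = tolower(kv[1])
            if (key == "match") exit      # conditional overrides start here
            if (key ~ ("^(" tolower(want) ")$")) { print tolower(kv[2]); exit }
        }' "$1"
}

# Return 0 only if every setting from the lab is explicitly set as required.
audit_sshd_config() {
    file=$1
    rc=0
    while read -r keyword expected; do
        actual=$(first_value "$file" "$keyword")
        if [ "$actual" = "$expected" ]; then
            echo "OK   $keyword $actual"
        else
            echo "FAIL $keyword: expected $expected, found ${actual:-<not set>}"
            rc=1
        fi
    done <<EOF
PermitRootLogin no
PasswordAuthentication no
ChallengeResponseAuthentication|KbdInteractiveAuthentication no
PubkeyAuthentication yes
EOF
    return "$rc"
}

# Constructed sample: PasswordAuthentication is set twice and the first wins.
sample_config() {
    printf '%s\n' '# constructed sample' 'PermitRootLogin no' \
        'PasswordAuthentication yes' 'PubkeyAuthentication yes' \
        'ChallengeResponseAuthentication no' 'PasswordAuthentication no'
}

if [ "$#" -gt 0 ]; then audit_sshd_config "$1"; fi
```

Pass the config path as the only argument, for example /etc/ssh/sshd_config. The script reads only the global section of that one file, so settings inside Match blocks or in files pulled in with Include are not evaluated.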
- Test the New Configuration by Logging Out and Back in with the Newly Created Key
Log out:
exit
Log in with the newly created key (replace <PATH_TO_PRIVATE_KEY> with your path):
ssh cloud_user@SERVER_IP -p 61613 -i <PATH_TO_PRIVATE_KEY>