Tuesday, January 20, 2009

SSH Howto Quickguide

Don’t make the mistake of thinking that because you have SSH installed, you have a secure system. Some work needs to be done to ensure that your server is in top shape. The main weakness of the default SSH installation is that password authentication is allowed. This gives it only one advantage over Telnet: your password is encrypted when it goes over the net. That does not stop someone from guessing your password, especially for users who have weak passwords. SSH with key authentication should therefore be used. To set it up, follow these easy steps.


  1. Create a key pair using PuTTY's key generator (PuTTYgen)
  2. Copy the OpenSSH public key shown in the PuTTYgen window, and save your PuTTY private and public keys
  3. On the server create a .ssh directory in the user’s home directory
  4. Create an authorized_keys file in the .ssh directory
  5. Paste the public key that you copied during the key generation into the authorized_keys file
  6. Save the authorized_keys file
  7. Make sure that the permissions on the user’s .ssh directory are appropriately secure: chmod -R 700 .ssh. If you are root, also ensure that the user you are setting up owns the .ssh directory: chown -R user:user /home/user/.ssh
  8. In /etc/ssh/sshd_config set: PasswordAuthentication no
  9. In the sshd_config file, set up a list of allowed users by uncommenting AllowUsers and specifying the users separated by spaces, e.g. AllowUsers Fred Joe
  10. Ensure PermitRootLogin is commented out
  11. Restart sshd: service sshd restart
  12. Associate your private key with your saved PuTTY session for your server.
  13. Connect to the server. Any errors will be found in /var/log/secure.
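
A quick way to check the result of steps 7 to 10, as an added example that is not part of the original post: this shell script reads an sshd_config file and reports the effective values, taking the first uncommented occurrence of each keyword as sshd does. The function names and the sample config are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit steps 7-10 of the guide. Sample data below is constructed.

# Print the first uncommented value of a keyword (sshd keeps the first value it
# reads; keywords are case-insensitive). Prints nothing when the keyword is unset.
effective_value() {
    awk -v key="$1" '
        { sub(/^[ \t]+/, "") }
        /^#/ || NF == 0 { next }
        tolower($1) == tolower(key) { $1 = ""; sub(/^[ \t]+/, ""); print; exit }
    ' "$2"
}

# Step 7: succeed only if the directory mode is exactly 700.
ssh_dir_ok() {
    [ "$(ls -ld "$1" | cut -c1-10)" = "drwx------" ]
}

# Steps 8-10: one finding per line; returns 1 if any check fails.
audit_sshd_config() {
    cfg=$1; rc=0
    pa=$(effective_value PasswordAuthentication "$cfg" | tr 'A-Z' 'a-z')
    if [ "$pa" = no ]; then echo "OK   PasswordAuthentication no"
    else echo "FAIL PasswordAuthentication is '${pa:-unset, default yes}'"; rc=1; fi

    au=$(effective_value AllowUsers "$cfg")
    if [ -n "$au" ]; then echo "OK   AllowUsers $au"
    else echo "FAIL AllowUsers is unset, no user allow-list"; rc=1; fi

    # A commented-out PermitRootLogin leaves the compiled-in default, which
    # depends on the OpenSSH version. Root is still refused when AllowUsers is
    # set and no pattern in it can match root (wildcards treated as matching).
    pr=$(effective_value PermitRootLogin "$cfg" | tr 'A-Z' 'a-z')
    root_listed=no
    case " $au " in *" root "*|*" root@"*|*[*?]*) root_listed=yes ;; esac
    if [ "$pr" = no ] || { [ -n "$au" ] && [ "$root_listed" = no ]; }; then
        echo "OK   root login refused (PermitRootLogin '${pr:-unset}')"
    else echo "FAIL root may log in (PermitRootLogin '${pr:-unset}')"; rc=1; fi
    return $rc
}

# Constructed sample matching the guide's settings; not a real server's file.
demo_cfg=$(mktemp)
printf '%s\n' '#PermitRootLogin yes' 'PasswordAuthentication no' \
    'AllowUsers Fred Joe' > "$demo_cfg"
audit_sshd_config "$demo_cfg"
rm -f "$demo_cfg"
```

On a live server, pass /etc/ssh/sshd_config to audit_sshd_config. Running sshd -T as root prints the full effective configuration, including the defaults for anything left commented out.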
