Secure Shell (SSH) is a cryptographic network protocol that allows data to be transferred using a secure channel between digital devices.
Primarily used in Linux and Unix multi-user operating systems, SSH was developed as a replacement for Telnet and other insecure remote access protocols that send information unencrypted, notably passwords, making them vulnerable to discovery through traffic analysis.
SSH uses encryption to ensure the confidentiality and integrity of data transmitted over an insecure network such as the Internet.
SSH Key
SSH keys provide a safer way to log in to an SSH server than a password.
While a brute-force attack can eventually discover a password, SSH keys are almost impossible to crack by brute force alone. Generating a key pair gives you two long strings: a public key and a private key. You can place the public key on any server, and then unlock it by connecting from a client that already has the private key. When the two match, the system grants access without the need for a password. You can increase security even more by protecting your private key with a passphrase.
How can you create an SSH key?
1) Create RSA Key Pair.
The first step is to create the key pair on the client machine:
ssh-keygen -t rsa
2) Save the Keys and Password.
After you have entered the key generation command, you will have to answer some questions:
Enter file in which to save the key (/home/BBBB/.ssh/id_rsa):
You can press Enter here to save the file in the user's home directory; in this example, my user is called BBBB.
Enter passphrase (empty for no passphrase):
Setting a passphrase has its advantages: the security of a key, no matter how well encrypted, still depends on it not being visible to anyone else. If a passphrase-protected private key falls into the hands of unauthorized users, they will not be able to connect to the associated accounts until they work out the passphrase. The only downside to a passphrase is that you will need to type it every time you use the key pair.
The entire key generation process looks like this:
ssh-keygen -t rsa
A public/private RSA key pair is generated.
Enter file in which to save the key (/home/BBBB/.ssh/id_rsa):
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identity has been saved in /home/BBBB/.ssh/id_rsa.
Your public key has been saved in /home/BBBB/.ssh/id_rsa.pub.
The key fingerprint is generated.
The key’s random image is also generated.
The public key is now located in /home/BBBB/.ssh/id_rsa.pub
The private key is located in /home/BBBB/.ssh/id_rsa.
3) Copy the public key
Once the key pair is generated, it’s time to place the public key on a virtual server that you want to use.
You can copy the public key to the new machine in the authorized_keys file using the ssh-copy-id command.
4) Disable Root Login Password
Once you have copied your SSH key to the server and confirmed that you can log in with it, you can go further and restrict SSH access to the server.
For this operation, open the SSH configuration file:
sudo nano /etc/ssh/sshd_config
In that file, find the line that includes PermitRootLogin and modify it so that root logins are only possible with an SSH key:
PermitRootLogin without-password
Apply the changes by reloading the SSH service:
reload ssh
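A check for step 4, added here as an example that is not part of the original article: it reads an sshd_config file and reports the PermitRootLogin value that sshd would actually use, because sshd takes the first occurrence of a keyword and a later edit can be silently ignored. The function names and the sample files are constructed for illustration; Include files are not followed and Match blocks are not evaluated.

```sh
#!/bin/sh
# Added example (not from the original article). Function names and the
# sample files are constructed for illustration.
# sshd uses the FIRST occurrence of a keyword, and keywords are case-insensitive.
# Assumptions: Include files are not followed; parsing stops at the first Match.

effective_setting() {   # usage: effective_setting FILE KEYWORD
    awk -v want="$2" '
        BEGIN { want = tolower(want) }
        { sub(/^[ \t]+/, "") }              # drop leading whitespace
        /^#/ || /^$/ { next }               # skip comments and blank lines
        tolower($1) == "match" { exit }     # global section ends here
        {
            split($0, f, /[ \t=]+/)         # "Keyword value" or "Keyword=value"
            if (tolower(f[1]) == want) { print tolower(f[2]); exit }
        }
    ' "$1"
}

check_root_login() {    # returns 0 only if root cannot log in with a password
    val=$(effective_setting "$1" PermitRootLogin)
    case "$val" in
        # without-password is the older alias of prohibit-password
        no|prohibit-password|without-password|forced-commands-only)
            echo "OK:   PermitRootLogin $val"; return 0 ;;
        "")
            echo "WARN: PermitRootLogin not set globally, built-in default applies"
            return 1 ;;
        *)
            echo "FAIL: PermitRootLogin $val"; return 1 ;;
    esac
}

# Constructed sample configurations.
demo_dir=$(mktemp -d)
printf '%s\n' '#PermitRootLogin yes' 'PermitRootLogin without-password' \
    > "$demo_dir/good"
# The line appended at the end is ignored because an earlier one exists.
printf '%s\n' 'PermitRootLogin yes' 'Port 22' 'PermitRootLogin without-password' \
    > "$demo_dir/shadowed"
# Only set inside a Match block, so it does not apply to every connection.
printf '%s\n' 'Port 22' 'Match Address 10.0.0.0/8' '    permitrootlogin=no' \
    > "$demo_dir/match_only"

for name in good shadowed match_only; do
    printf '%-11s' "$name"
    check_root_login "$demo_dir/$name" || true
done
```

On a real server, sshd -t checks the configuration for syntax errors before you reload, and sshd -T prints the effective settings.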