SSH Keys on CentOS

Community support for Plesk, CPanel, WebMin and others with insight from two of the founders of Plesk. Ask for help here! No question is too simple or complicated. :-)
laughingbuddha
Forum Regular
Posts: 512
Joined: Mon Mar 10, 2008 9:12 pm
Location: Southampton, UK

SSH Keys on CentOS

Hi,

I want to beef up my SSH security a little and start using ssh keys. I'm the only user allowed to use SSH, as I don't let my clients have access.

I currently lock my SSH port down to just my IP, but I intend to change the SSH port number to something random as an added security measure. I also have disabled root login, and currently log in via one user/pass and then assume root from there with another password.

Firstly, how do I install auth keys?
Secondly, does this eliminate the use of extra username and passwords as I mentioned above?

I did try watching your tutorial at: http://www.atomicorp.com/Tutorials/putt ... h-keys.swf but it is wrong, or at least wrong in my case. There is no .ssh folder.

Thanks :)
Matt

"Given that God is infinite, and that the universe is also infinite... would you like a toasted teacake?"

about.me/mattauckland
twitter.com/mattauckland
mikeshinn
Atomicorp Staff - Site Admin
Posts: 4149
Joined: Thu Feb 07, 2008 7:49 pm
Location: Chantilly, VA

Re: SSH Keys on CentOS

You have to create the .ssh folder.
laughingbuddha

Ok, but do you create the keys and directory as the root user, or as the user account you use to connect to the box to assume root?
Matt

mikeshinn

You create the keys on your desktop, do not create the keys on the server.
faris
Long Time Forum Regular
Posts: 2321
Joined: Thu Dec 09, 2004 11:19 am

Re: SSH Keys on CentOS

Use Putty's puttygen to create your key (ssh-rsa).
Create an .ssh directory in your non-root account.
Copy the key there (one line of characters) into a file called authorized_keys.
Set permissions on the directory and file correctly. Name the file correctly (authorized_keys). Done.

drwx------  2 username username 4096 DATE TIME .
dr-xr-x---. 7 username username 4096 DATE TIME ..
-rw-r--r--  1 username username SIZE DATE TIME authorized_keys
Attempt to login using the key only.
If you can then you should be OK and can try disabling password logins.
But be absolutely sure it is working before you do so!!

And do not follow my instructions until some time has passed after I have posted to allow for others to see it and make sure that I've not made any errors in it that might cause you some problems - as usual I've done it from memory so I could be wrong.
laughingbuddha

And do not follow my instructions until some time has passed after I have posted to allow for others to see it and make sure that I've not made any errors in it that might cause you some problems - as usual I've done it from memory so I could be wrong.
lol ok mate, thanks :)
Matt

biggles
Forum Regular
Posts: 806
Joined: Tue Jul 15, 2008 2:38 pm
Location: Sweden

Re: SSH Keys on CentOS

Personally I always try with a second ssh window beside the first one being online. Then I can revert my changes if the newly created ssh keys don't work.
laughingbuddha

Good idea.
Matt

laughingbuddha

What are the file permissions for authorized_keys and the .ssh directory supposed to be?

I read in another guide to make them chmod 600 and 700 respectively, but I'm not 100% confident that is correct.
Matt

scott
Atomicorp Staff - Site Admin
Posts: 8355
Joined: Wed Dec 31, 1969 8:00 pm
Location: earth

Re: SSH Keys on CentOS

my shortcut:

chown -R me.mygroup ~/.ssh
chmod -R 700 ~/.ssh
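
The steps discussed in the posts above (one-line key into authorized_keys in the non-root account, then correct permissions), as an added shell example that is not part of any post in this thread. The function names are hypothetical; the home directory is a parameter so it can be tried on a scratch directory first.

```shell
#!/bin/sh
# Added example: install one public key for a non-root account, then audit
# the modes that sshd's StrictModes option checks (it also checks ownership,
# which is not covered here).

# install_pubkey HOME_DIR 'ssh-rsa AAAA... comment'
install_pubkey() {
    home=$1 key=$2
    # authorized_keys takes the one-line OpenSSH form, not the multi-line
    # "---- BEGIN SSH2 PUBLIC KEY ----" file that PuTTYgen saves.
    case $key in
        *"
"*) echo "key must be a single line" >&2; return 1 ;;
        ssh-rsa\ *|ssh-ed25519\ *|ecdsa-sha2-*\ *) ;;
        *) echo "not an OpenSSH public key line" >&2; return 1 ;;
    esac
    (
        umask 077                      # anything created here starts private
        mkdir -p "$home/.ssh" &&
        touch "$home/.ssh/authorized_keys" &&
        chmod 700 "$home/.ssh" &&
        chmod 600 "$home/.ssh/authorized_keys" || exit 1
        # Append only if this exact line is not already present.
        grep -qxF -- "$key" "$home/.ssh/authorized_keys" ||
            printf '%s\n' "$key" >> "$home/.ssh/authorized_keys"
    )
}

# audit_ssh_perms HOME_DIR -> returns 0 if nothing is group- or world-writable
audit_ssh_perms() {
    home=$1 bad=0
    for p in "$home" "$home/.ssh" "$home/.ssh/authorized_keys"; do
        if [ ! -e "$p" ]; then
            echo "missing: $p"; bad=1
        elif [ -n "$(find "$p" -prune \( -perm -020 -o -perm -002 \) -print)" ]; then
            echo "group/world-writable: $p"; bad=1
        fi
    done
    return "$bad"
}
```

The audit passes for the 644 file in the listing above, for the 600/700 pair, and for the `chmod -R 700` shortcut, because none of them grants group or world write access.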
laughingbuddha

Thanks guys.

I think I've got it sorted, although when I changed the port number from 22, when I ran an ASL -s -f it moved the SSH back to 22. Is that something I have to change in the ASL config/web gui?
Matt

mikeshinn

Correct, you want to change this in ASL:

https://www.atomicorp.com/wiki/index.ph ... n#SSH_PORT