SSH Keys on CentOS
-
- Forum Regular
- Posts: 512
- Joined: Mon Mar 10, 2008 9:12 pm
- Location: Southampton, UK
SSH Keys on CentOS
Hi,
I want to beef up my SSH security a little and start using ssh keys. I'm the only user allowed to use SSH, as I don't let my clients have access.
I currently lock my SSH port down to just my IP, but I intend to change the SSH port number to something random as an added security measure. I also have disabled root login, and currently log in via one user/pass and then assume root from there with another password.
Firstly how do I install auth keys?
Secondly does this eliminate the use of extra username and passwords as I mentioned above?
I did try watching your tutorial at: http://www.atomicorp.com/Tutorials/putt ... h-keys.swf but it is wrong, or at least wrong in my case. There is no .ssh folder.
Thanks
Matt
"Given that God is infinite, and that the universe is also infinite... would you like a toasted teacake?"
about.me/mattauckland
twitter.com/mattauckland
- mikeshinn
- Atomicorp Staff - Site Admin
- Posts: 4149
- Joined: Thu Feb 07, 2008 7:49 pm
- Location: Chantilly, VA
Re: SSH Keys on CentOS
You have to create the .ssh folder.
Michael Shinn
Atomicorp - Security For Everyone
-
- Forum Regular
- Posts: 512
- Joined: Mon Mar 10, 2008 9:12 pm
- Location: Southampton, UK
Re: SSH Keys on CentOS
Ok, but do you create the keys and directory as the root user, or as the user account you use to connect to the box to assume root?
Matt
- mikeshinn
- Atomicorp Staff - Site Admin
- Posts: 4149
- Joined: Thu Feb 07, 2008 7:49 pm
- Location: Chantilly, VA
Re: SSH Keys on CentOS
You create the keys on your desktop, do not create the keys on the server.
Michael Shinn
Re: SSH Keys on CentOS
Use PuTTY's puttygen to create your key (ssh-rsa).
Create an .ssh directory in your non-root account
Copy the key there (one line of characters) into a file called authorized_keys
Set permissions on the directory and file correctly. Name the file correctly (authorized_keys). Done.
Code:
drwx------ 2 username username 4096 DATE TIME .
dr-xr-x---. 7 username username 4096 DATE TIME ..
-rw-r--r-- 1 username username SIZE DATE TIME authorized_keys
Attempt to login using the key only.
If you can then you should be OK and can try disabling password logins.
But be absolutely sure it is working before you do so!!
And do not follow my instructions until some time has passed after I have posted to allow for others to see it and make sure that I've not made any errors in it that might cause you some problems - as usual I've done it from memory so I could be wrong.
--------------------------------
<advert>
If you want to rent a UK-based VPS that comes with friendly advice and support from a fellow ART fan, please get in touch.
</advert>
-
- Forum Regular
- Posts: 512
- Joined: Mon Mar 10, 2008 9:12 pm
- Location: Southampton, UK
Re: SSH Keys on CentOS
lol ok mate, thanks
Matt
Re: SSH Keys on CentOS
Personally I always try with a second ssh window beside the first one being online. Then I can revert my changes if the newly created ssh keys don't work.
-
- Forum Regular
- Posts: 512
- Joined: Mon Mar 10, 2008 9:12 pm
- Location: Southampton, UK
Re: SSH Keys on CentOS
Good idea.
Matt
-
- Forum Regular
- Posts: 512
- Joined: Mon Mar 10, 2008 9:12 pm
- Location: Southampton, UK
Re: SSH Keys on CentOS
What are the file permissions for authorized_keys and the .ssh directory supposed to be?
I read in another guide to make them chmod 600 and 700 respectively, but I'm not 100% confident that is correct.
Matt
-
- Atomicorp Staff - Site Admin
- Posts: 8355
- Joined: Wed Dec 31, 1969 8:00 pm
- Location: earth
- Contact:
Re: SSH Keys on CentOS
my shortcut:
chown -R me.mygroup ~/.ssh
chmod -R 700 ~/.ssh
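The procedure from this thread (create .ssh in the non-root account, put the one-line public key in authorized_keys, set the 700/600 modes asked about above), written as shell functions with a permission check. This is an added example, not code from any poster; the function names, the throwaway demo directory and the sample key are assumptions made for illustration.

```shell
#!/bin/sh
# Added example. The sample key is a constructed placeholder, not a real key.

# install_pubkey HOME_DIR 'ssh-rsa AAAA... comment'
# Run as the non-root login account; HOME_DIR is that account's home.
install_pubkey() {
    home=$1 key=$2
    # authorized_keys wants ONE line: "<type> <base64> [comment]". That is the
    # text PuTTYgen shows in its window, not the multi-line file it saves.
    [ "$(printf '%s\n' "$key" | grep -c '')" -eq 1 ] || {
        echo "key must be a single line" >&2; return 1; }
    printf '%s\n' "$key" | grep -Eq \
        '^(ssh-(rsa|ed25519)|ecdsa-sha2-[a-z0-9-]+) [A-Za-z0-9+/]+=*( .*)?$' || {
        echo "not an OpenSSH public key line" >&2; return 1; }
    mkdir -p "$home/.ssh" && chmod 700 "$home/.ssh" || return 1
    ak=$home/.ssh/authorized_keys
    touch "$ak" && chmod 600 "$ak" || return 1
    # Append only if this exact line is not already there.
    grep -qxF -- "$key" "$ak" || printf '%s\n' "$key" >> "$ak"
}

# check_ssh_perms HOME_DIR
# sshd with StrictModes (default: yes) ignores the key file when the home
# directory, .ssh or authorized_keys is writable by group/others or has the
# wrong owner. This check expects the current user as owner of all three.
check_ssh_perms() {
    [ -f "$1/.ssh/authorized_keys" ] || { echo "no authorized_keys" >&2; return 1; }
    bad=$(find "$1" "$1/.ssh" "$1/.ssh/authorized_keys" -prune \
        \( ! -user "$(id -u)" -o -perm -020 -o -perm -002 \) -print)
    [ -z "$bad" ] || { printf 'fix owner/mode on:\n%s\n' "$bad" >&2; return 1; }
}

# Demo against a throwaway directory standing in for the account's home.
demo_home=$(mktemp -d)
install_pubkey "$demo_home" \
    'ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCconstructedEXAMPLEkey me@desktop' &&
    check_ssh_perms "$demo_home" && echo "key installed, permissions OK"
rm -rf "$demo_home"
```

On the server, call both functions with "$HOME" as the first argument while logged in as the non-root account, then confirm a key-only login from a second session before touching password authentication.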
-
- Forum Regular
- Posts: 512
- Joined: Mon Mar 10, 2008 9:12 pm
- Location: Southampton, UK
Re: SSH Keys on CentOS
Thanks guys.
I think I've got it sorted, although when I changed the port number from 22, when I ran an ASL -s -f it moved the SSH back to 22. Is that something I have to change in the ASL config/web gui?
Matt
- mikeshinn
- Atomicorp Staff - Site Admin
- Posts: 4149
- Joined: Thu Feb 07, 2008 7:49 pm
- Location: Chantilly, VA
Re: SSH Keys on CentOS
Michael Shinn