SSH Keys on CentOS
Posted: Tue Nov 27, 2012 8:00 pm
by laughingbuddha
Hi,
I want to beef up my SSH security a little and start using ssh keys. I'm the only user allowed to use SSH, as I don't let my clients have access.
I currently lock my SSH port down to just my IP, but I intend to change the SSH port number to something random as an added security measure. I also have disabled root login, and currently log in via one user/pass and then assume root from there with another password.
Firstly how do I install auth keys?
Secondly, does this eliminate the use of extra username and passwords as I mentioned above?
I did try watching your tutorial at:
http://www.atomicorp.com/Tutorials/putt ... h-keys.swf but it is wrong, or at least wrong in my case. There is no .ssh folder.
Thanks

Re: SSH Keys on CentOS
Posted: Tue Nov 27, 2012 10:39 pm
by mikeshinn
You have to create the .ssh folder.
Re: SSH Keys on CentOS
Posted: Wed Nov 28, 2012 10:16 am
by laughingbuddha
Ok, but do you create the keys and directory as the root user, or as the user account you use to connect to the box to assume root?
Re: SSH Keys on CentOS
Posted: Wed Nov 28, 2012 10:59 am
by mikeshinn
You create the keys on your desktop, do not create the keys on the server.
Re: SSH Keys on CentOS
Posted: Thu Nov 29, 2012 9:06 am
by faris
Use PuTTY's puttygen to create your key (ssh-rsa).
Create an .ssh directory in your non-root account.
Copy the key there (one line of characters) into a file called authorized_keys.
Set permissions on the directory and file correctly. Name the file correctly (authorized_keys). Done.
Code:
drwx------ 2 username username 4096 DATE TIME .
dr-xr-x---. 7 username username 4096 DATE TIME ..
-rw-r--r-- 1 username username SIZE DATE TIME authorized_keys
Attempt to login using the key only.
If you can then you should be OK and can try disabling password logins.
But be absolutely sure it is working before you do so!!
And do not follow my instructions until some time has passed after I have posted to allow for others to see it and make sure that I've not made any errors in it that might cause you some problems - as usual I've done it from memory so I could be wrong.
Re: SSH Keys on CentOS
Posted: Thu Nov 29, 2012 9:45 am
by laughingbuddha
"And do not follow my instructions until some time has passed after I have posted to allow for others to see it and make sure that I've not made any errors in it that might cause you some problems - as usual I've done it from memory so I could be wrong."
lol ok mate, thanks

Re: SSH Keys on CentOS
Posted: Thu Nov 29, 2012 9:49 am
by biggles
Personally I always try with a second ssh window beside the first one being online. Then I can revert my changes if the newly created ssh keys don't work.
Re: SSH Keys on CentOS
Posted: Thu Nov 29, 2012 10:21 am
by laughingbuddha
Good idea.
Re: SSH Keys on CentOS
Posted: Thu Dec 06, 2012 5:03 pm
by laughingbuddha
What are the file permissions for authorized_keys and the .ssh directory supposed to be?
I read in another guide to make them chmod 600 and 700 respectively, but I'm not 100% confident that is correct.
Re: SSH Keys on CentOS
Posted: Thu Dec 06, 2012 5:24 pm
by scott
My shortcut:
chown -R me:mygroup ~/.ssh
chmod -R 700 ~/.ssh
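An added example, not written by anyone in this thread: shell functions that install a one-line public key with the 700/600 modes asked about above and then check the condition sshd's StrictModes setting (on by default) enforces, namely that the home directory, .ssh and authorized_keys are not writable by group or others. The function names are made up for illustration, ownership is not checked, and the PuTTYgen multi-line check covers the "one line of characters" step from the earlier instructions.

```shell
#!/bin/bash
# Added example, not from the thread. Function names are hypothetical.

# loose PATH: succeeds if PATH is writable by group or others
# (characters 6 and 9 of the mode string printed by ls -ld).
loose() {
    case "$(ls -ld "$1" | cut -c1-10)" in
        ?????w????|????????w?) return 0 ;;
    esac
    return 1
}

# install_key HOME PUBKEY: create HOME/.ssh (700) and authorized_keys (600),
# then append PUBKEY unless that exact line is already there.
install_key() {
    case "$2" in
        ssh-rsa\ *) ;;   # the key type used in this thread
        *) echo "expected a line starting with 'ssh-rsa '" >&2; return 1 ;;
    esac
    mkdir -p "$1/.ssh" && chmod 700 "$1/.ssh" || return 1
    touch "$1/.ssh/authorized_keys" && chmod 600 "$1/.ssh/authorized_keys" || return 1
    grep -qxF -- "$2" "$1/.ssh/authorized_keys" ||
        printf '%s\n' "$2" >> "$1/.ssh/authorized_keys"
}

# check_setup HOME: print each problem found; return 0 only if there are none.
check_setup() {
    rc=0
    for p in "$1" "$1/.ssh" "$1/.ssh/authorized_keys"; do
        if [ ! -e "$p" ]; then
            echo "missing: $p"; rc=1
        elif loose "$p"; then
            echo "group/other writable: $p"; rc=1
        fi
    done
    # PuTTYgen's "Save public key" button writes a multi-line SSH2 file,
    # which sshd does not accept inside authorized_keys.
    if grep -q '^---- BEGIN SSH2 PUBLIC KEY' "$1/.ssh/authorized_keys" 2>/dev/null; then
        echo "multi-line SSH2 key in authorized_keys"; rc=1
    fi
    return $rc
}
```

Run `check_setup "$HOME"` from the second SSH window before disabling password logins. Both the 644 shown in the listing earlier in the thread and 600 pass this check; only group or other write bits fail it.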
Re: SSH Keys on CentOS
Posted: Thu Dec 06, 2012 6:02 pm
by laughingbuddha
Thanks guys.
I think I've got it sorted, although when I changed the port number from 22, when I ran an ASL -s -f it moved the SSH back to 22. Is that something I have to change in the ASL config/web gui?
Re: SSH Keys on CentOS
Posted: Thu Dec 06, 2012 11:22 pm
by mikeshinn