One popular use of SSH is to give users access to a command shell on a remote computer for administrative purposes; it normally uses TCP port 22. SSH logins are very susceptible to brute-force attacks. A thousand things can go wrong that could give someone unauthorized access to your server. As long as people use weak passwords, the bad guys will keep trying to brute-force them.
Because a lot of people with SSH servers use weak passwords, many online attackers will look for an SSH server, then start guessing passwords at random. An attacker can try thousands of passwords in an hour, and guess even the strongest password given enough time. The recommended solution is to use SSH keys instead of passwords.
The best way to secure your SSH login is to use public/private PEM keys. This is the default login type for Amazon EC2 servers. This post shows you how to use a PEM file to log in to your VPS or any other Ubuntu server.
Log in to your server as the root user and do the following steps:
Step 1 : Generate SSH Private/Public Keys:
We will first create public and private key files for the user ubuntu.
sudo ssh-keygen -b 2048 -f identity -t rsa
Enter passphrase (empty for no passphrase):
Leave the passphrase empty. This generates two files, identity and identity.pub.
identity is the private key file; it contains the RSA private key when using the SSH protocol version 1.
identity.pub is the public key file; it contains the RSA public key for authentication when you are using the SSH protocol version 1. A user should copy its contents into the
$HOME/.ssh/authorized_keys file of the remote system where the user wants to log in using RSA authentication.
Copy public key contents to
sudo cat identity.pub >> .ssh/authorized_keys
Step 2 : Disable Password Authentication:
Because we want users to log in to the server only with the private key, we will disable password authentication on the server.
First, make a backup of your sshd_config file by copying it to your home directory.
sudo cp /etc/ssh/sshd_config ~/sshd_config.factory-defaults
Once you’ve backed up your sshd_config file, you can make changes with any text editor, for example:
sudo nano /etc/ssh/sshd_config
To disable password authentication, look for the following line in your
replace it with a line that looks like this:
sudo service ssh restart
All of the above steps should be performed on your VPS / Ubuntu server.
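A check for Step 2, added here as an example and not part of the original tutorial: sshd uses the first value it reads for each keyword, so a PasswordAuthentication line that is still commented out, or that was appended below an earlier one, leaves password logins enabled. The function name effective_password_auth and the sample files are assumptions of this example, which reads only whitespace-separated "Keyword value" lines in the global section and does not follow Include files.

```shell
#!/bin/sh
# Added example: effective global PasswordAuthentication value of an
# sshd_config-style file. Simplifications (assumptions of this example):
# "Keyword value" separated by whitespace, Include files are not followed,
# and only the global section (before the first Match block) is read.

effective_password_auth() {
    # $1: path to an sshd_config-style file; prints the value sshd would use
    awk '
        /^[ \t]*#/ || /^[ \t]*$/ { next }     # skip comments and blank lines
        { key = tolower($1) }                 # keywords are case-insensitive
        key == "match" { exit }               # global section ends here
        key == "passwordauthentication" {
            print $2; found = 1; exit         # first value wins
        }
        END { if (!found) print "yes" }       # OpenSSH default when unset
    ' "$1"
}

# Constructed sample configs, not taken from a real server.
demo_dir=$(mktemp -d)
trap 'rm -rf "$demo_dir"' EXIT
printf '%s\n' '#PasswordAuthentication no' 'PermitRootLogin no' \
    > "$demo_dir/commented"
printf '%s\n' 'PasswordAuthentication yes' 'passwordauthentication no' \
    > "$demo_dir/appended"
printf '%s\n' '  PasswordAuthentication no' 'PasswordAuthentication yes' \
    > "$demo_dir/first_wins"
printf '%s\n' 'Match User backup' '    PasswordAuthentication no' \
    > "$demo_dir/match_only"

# Print the effective value for each sample file.
for f in commented appended first_wins match_only; do
    printf '%-11s %s\n' "$f" "$(effective_password_auth "$demo_dir/$f")"
done
```

On the server itself, sudo sshd -t checks the edited file for syntax errors before the restart, and sudo sshd -T | grep -i passwordauthentication prints the value sshd will actually use, Include files included.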
Step 3 : Download your private key:
Copy the contents of the private key file identity to a key file named identity.pem on your local system; just copy and paste the data into a new file.
Before using your key, make sure to change the permissions to 600.
sudo chmod 600 identity.pem
Step 4 : Test Password-less ssh login
Let’s test our password-less login to make sure the private pem files are working.
ssh -i /path/to/file/identity.pem firstname.lastname@example.org
And that’s it: you are logged in to the system without a password. I hope you find this tutorial helpful. Feel free to ask questions! Don’t forget to like or leave a comment if it really helped you.