While password authentication can be made secure with complex passwords, changing the SSH port, and disabling the root user, it is best to make use of SSH keys for accessing your VM. You use these to protect your cloud server against brute force password attacks by using a public-private SSH key pair.
Prerequisites: First, you would need to create an SSH key using an SSH client that is installed on your local machine. With Linux and Mac, OpenSSH is included, but if you’re using Windows you’d need to use an SSH client like PuTTY.
The following Steps will guide you through setting up SSH Keys:
1) Run the following command to generate an SSH key.
This will prompt you to set a location for the keys. The default location is the ~/.ssh directory, and the default filenames would be id_rsa for the private, and id_rsa.pub for the public. Unless you’re very familiar with the process, it’s best to use the default locations so that no additional configuration would be needed. Pressing ENTER on the keyboard should tell it to advance using the default locations.
After you choose the location, you’ll be prompted to enter a password which will encrypt the SSH key file on your machine. You can choose to enter one, or press ENTER to skip this process. If you do choose to encrypt the key, you’ll be asked for the password each time you authenticate with the key.
Next, you’ll want to copy the public key onto the server you wish to use the SSH Key authentication on. You should be able to output the contents of the key file with the following command:
# cat ~.ssh/id_rsa.pub
Copy the entire output to you clipboard and SSH into the server you wish to install the public key on. Once you have logged into the server you want to place the SSH key into, you may need to create the ~/.ssh directory if one is not already present. You can do so by running the following command:
# mkdir -p ~/.ssh
Now you’ll need to create the file to place the output of the public key you copied.
# nano ~/.ssh/authorized_keys
Paste the output of the public key that you copied using CTRL+SHIFT+V (or right clicking > paste). After the content is placed into the file, save and close the file by pressing CTRL+O and then ENTER, followed by CTRL+X.
Finally, you’ll need to modify the permissions on the ~/.ssh and the authorized_keys files with the following commands:
# chmod 700 ~/.ssh # chmod 600 ~/.ssh/authorized_keys
Once this is done, test that you’re able to log into your VM without being prompted for a password. If access without a password is granted, your SSH Key setup was successful. You can now modify your /etc/ssh/sshd_config file and change PasswordAuthentication yes to PasswordAuthentication no