SSH Authorized Keys


Creating The Authorized Keys

If you need to create a private and public SSH key pair, run the following command.

ssh-keygen -t rsa -b 4096 -C "email@example.com"

By default, AWS gives you a .pem key when you create your server, and that key is automatically added to the authorized keys on creation. You can keep using it if you like, but if you are going to give your team access too, adding each person's own key gives you an easy way to remove them afterwards, instead of everyone sharing the same .pem file.

On your computer, retrieve your public SSH key using one of the two commands below.

# Copy and paste it from terminal
cat ~/.ssh/id_rsa.pub

# Copy straight to clipboard (pbcopy is macOS-only)
pbcopy < ~/.ssh/id_rsa.pub

Once you have that, SSH into your box the way you normally do.

ssh -i /path/to/pem user@domain.com

Once logged in, open up your authorized_keys for this deploy user.

vim ~/.ssh/authorized_keys

You will see that one key is already in there. That is the default one you have been using already. Next, copy and paste the public SSH key we just retrieved into this file. Each key should be on its own line.

Now log out and try the following command. If this works, everything was done correctly and you can now use your SSH keys instead of a static key file. In a team environment, delete and add keys as members come and go.

ssh user@domain.com

Disable Password Authentication

Your system may still accept passwords, which leaves a security loophole open to brute-force attacks. Make sure to disable empty passwords along with password authentication, PAM, and ChallengeResponseAuthentication.

sudo vim /etc/ssh/sshd_config
# To enable empty passwords, change to yes (NOT RECOMMENDED)
PermitEmptyPasswords no

# Change to no to disable tunnelled clear text passwords
PasswordAuthentication no

ChallengeResponseAuthentication no
UsePAM no
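
The following is an added example, not part of the original article: a small check that the four directives above are set to "no" in a config file. It assumes sshd keeps the first value it reads for a keyword, looks only at the global section (it stops at the first Match block and does not follow Include files), and the function names and sample config are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit the four directives the article sets to "no".
# Assumption: only the global section counts (stop at the first Match block,
# Include files are not followed). sshd keeps the first value it reads.

effective_value() {   # usage: effective_value FILE KEYWORD
    awk -v want="$2" '
        /^[ \t]*(#|$)/ { next }                  # skip comments and blank lines
        { sub(/=/, " ") }                        # tolerate Keyword=value spelling
        tolower($1) == "match" { exit }          # conditional blocks start here
        tolower($1) == tolower(want) { print $2; found = 1; exit }
        END { if (!found) print "unset" }
    ' "$1"
}

audit_sshd_config() {  # usage: audit_sshd_config FILE; returns 1 on any finding
    status=0
    for key in PermitEmptyPasswords PasswordAuthentication \
               ChallengeResponseAuthentication UsePAM; do
        val=$(effective_value "$1" "$key")
        if [ "$val" != "no" ]; then
            echo "FINDING: $key is '$val', expected 'no'"
            status=1
        fi
    done
    return "$status"
}

# Constructed sample config, not taken from a real server.
sample=$(mktemp)
cat > "$sample" <<'EOF'
# sshd_config (constructed)
PermitEmptyPasswords no
passwordauthentication yes
PasswordAuthentication no
UsePAM no
Match User deploy
    ChallengeResponseAuthentication no
EOF

audit_sshd_config "$sample" || echo "sshd_config needs attention"
rm -f "$sample"
```

On the server itself, `sudo sshd -T` prints the effective configuration after includes and defaults are applied, which is the authoritative view.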