cs101:generatesshkeys

Differences

This shows you the differences between two versions of the page.
cs101:generatesshkeys [2018/11/09 18:21] – [2. Generate Keys] localadmin
cs101:generatesshkeys [2018/11/09 18:31] (current) – [2. Generate Keys] localadmin
Line 17: Line 17:
  
 Don't forget to open the proper port (default is 22) in the firewall to allow external connections. Don't forget to open the proper port (default is 22) in the firewall to allow external connections.
 +
  
  
Line 40: Line 41:
     ssh-copy-id <username>@<host>     ssh-copy-id <username>@<host>
          
-Where <username> is your username on the SSH Server and <host> is the IP address of the SSH server.+Where <username> is your username on the SSH Server and <host> is the IP address or [[cs101:fqdn|FQDN]] of the SSH server.
  
 If your client doesn’t support the ssh-copy-id command, you can use the following command instead. It’s more convoluted, but achieves the same results. If your client doesn’t support the ssh-copy-id command, you can use the following command instead. It’s more convoluted, but achieves the same results.
Line 48: Line 49:
 You will be asked to enter the your user password for the SSH server. If the commands finishes without errors, your public key will have been copied to the SSH server. You will be asked to enter the your user password for the SSH server. If the commands finishes without errors, your public key will have been copied to the SSH server.
  
 +
 +==== 4. Disable Password Authentication ====
 +
 +Your SSH server system still isn’t more secure than when you started step one. Although at least one client computer is configured to use key-based authentication, this still leaves room for other clients to connect using a password. To finish, we’ll disable password authentication altogether so only computers that have gone through the above process can connect to the SSH server.
 +
 +To disable password authentication, edit the /etc/ssh/sshd_config file in your favorite editor. As the file is restricted to root you will need to edit the file with an administrator account. The easiest ways to edit a restricted file is to use a text editor in a Terminal. (I find nano to be easiest, but you can use whatever you’re most comfortable with.)
 +
 +    sudo nano /etc/ssh/sshd_config
 +
 +Find the line
 +
 +#PasswordAuthentication yes
 +
 +Remove the number sign (#) and change the setting to ‘no’, as below.
 +
 +PasswordAuthentication no
 +
 +Save the file by pressing CTRL+X (if using nano). Confirm the edit and the filename and you’re done editing the SSH server's configuration. Restart the SSH server to run it with the new settings.
 +
 +    sudo restart ssh
 +
 +You will notice that your client will stop asking for the passphrase to decrypt your key if password authentication is disabled on the server.
  
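Review bot: The closing sentence of the new section 4 ("You will notice that your client will stop asking for the passphrase to decrypt your key if password authentication is disabled on the server") conflates two separate things. The key passphrase is requested by the client to unlock the local private key and does not depend on the server's "PasswordAuthentication" setting, so I would drop the sentence or reword it to say that the server no longer offers a password prompt. In the restart step, "sudo restart ssh" is Upstart syntax; on systemd hosts the equivalent is "sudo systemctl restart ssh" (the unit is named sshd on some distributions), so name the init system or give both forms. Before the restart, tell readers to check the edited file with "sudo sshd -t" and to keep their current session open until a key-based login has been confirmed from a second terminal, since an error at this point removes the password fallback for remote access. The two configuration lines ("#PasswordAuthentication yes" and "PasswordAuthentication no") are not indented the way "sudo nano /etc/ssh/sshd_config" and "sudo restart ssh" are, so they will render as body text rather than as code.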
cs101/generatesshkeys.1541787691.txt.gz · Last modified: by localadmin