Thursday, July 2, 2015

What an SSH Key Is, and an SSH Key Manual

One of the relatively secure ways to log in to a VPS is to use an SSH key instead of a password. By default, you log in to each VPS with the username root and the root password that the provider sent you. However, using passwords always carries two big risks:

You lose everything if the password is revealed.
An attacker can use a brute-force attack to discover the password.

Therefore, you should get familiar with using an SSH key to log in to your VPS, and use it to authenticate connections from outside so that the VPS is safer.

How an SSH key works

Put simply, an SSH key is a way of authenticating a user by matching a private key against a public key.

The public key and the private key are always closely related to each other, so that each can identify the other.

Example:

When you create an SSH key, you get both kinds of key. You install the public key on your server and keep the private key on your own machine. When you log in, you send a login request that is authenticated with the private key; the server checks whether it matches the public key stored on the server, and if so, the login completes.

The content of the public key differs from that of the private key, but the two still identify each other through an algorithm of their own.

You can picture the private key as a key and the public key as a lock. When the key fits the lock, the door opens.

The main components of an SSH key

When creating an SSH key, you should know that there are 3 important components:

Public Key (a file and a string) - You copy this key into the file ~/.ssh/authorized_keys on your server.

Private Key (a file and a string) - You save this file on your computer, then configure PuTTY, WinSCP, MobaXterm, etc. to use it so that you can log in.

Keyphrase (a string you must remember) - The password that unlocks the private key; you are asked for it when logging in to the server.

You can use one SSH key for many different servers.

I. How to create an SSH key
1. Windows

If you use Windows, you should use the PuTTYgen software to create the SSH key.

After downloading and opening it, choose the options as shown in the picture and press Generate.

When it completes, you will see the result appear.

Now set a keyphrase as shown below.

Then click Save Private Key and store the file in a safe place; you should keep one copy on Dropbox if you use it.

The public key starts with the keyword ssh-rsa-XXXXXX. It is the text you copy and save on the server. (You can retrieve this information by clicking "Load" in PuTTYgen and then selecting the private key file. You can then see the key's information.)

2. Linux (Mac/Ubuntu/LinuxMint, ...)

If you use Linux, you should use the Terminal. Open Terminal and enter the following command:

ssh-keygen -t rsa

By default the key is saved in /home/user/.ssh. You can leave the prompt blank and press Enter.

Next it asks whether you want to set a keyphrase. If you want to create one, enter the keyphrase and press Enter.

Once created, by default it will appear like this:

Your identification has been saved in /home/thach/.ssh/id_rsa.
Your public key has been saved in /home/thach/.ssh/id_rsa.pub.
The key fingerprint is:
5b:48:b3:14:27:a2:12:41:4e:46:72:9b:60:7c:09:11 thach@ubuntu
The key's randomart image is:
+--[RSA 2048]----+
|+E%.. . o .      |
|.O * . . +       |
|  * .   +        |
|   .   o +       |
|        S .      |
|         o       |
|        .        |
|                 |
|                 |

You can see that it records the paths where the private key file (id_rsa) and the public key file (id_rsa.pub) are saved. To view the public key, open the file.

thach@ubuntu:~$ cat /home/thach/.ssh/id_rsa.pub
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCrdtfWhzBfvC5zVErTM4nGK7GH039DRHPR/F5z7llyjxaHWDvQFr56i04MTIytarpRZzx9ARzUbnhnrrFXDB0b5Rn80iRJESL9zxDKpiR8iLeuRgUAP8D3gl+s9YS3TGUGBu7VnQOLynduKPylIgIXRNMLw89L4pIUNS9ZinY3FFQGc7gqb/KMSl8kzE/u6NDBuXylHenxAjUVgIx092L0vWdSCJRsNnWHOPFOWSM5rdKw4XUW9BMwXrvV03Wkj7MgHYEcU/8459vqO7HQJ40p/n4wSqHfXlkVLo3wEy9i+vKhhbOST1m6YKozCC70pfr+xb5mNJEPeFJpt1/G7dJz thach@ubuntu

Then save this public key on the VPS.

3. Save the public key on the VPS

Now log in to the VPS as the user you want to add the key for (usually root, but if the VPS has multiple users you need to add the key for each of those users).

Then type the following commands to create the .ssh/ folder and the authorized_keys file inside it:

mkdir ~/.ssh
chmod 0700 ~/.ssh
touch ~/.ssh/authorized_keys
chmod 0644 ~/.ssh/authorized_keys

Then open the authorized_keys file in the .ssh folder of the user's home directory and paste in all the characters of the public key.
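The install step above can also be scripted so that it rejects anything that is not a single public-key line and never adds the same key twice. This is an added example, not part of the original post; the function name install_pubkey and the sample key are constructed for illustration.

```shell
# Added example: install_pubkey and SAMPLE_KEY are constructed for illustration.
install_pubkey() {
    key_line=$1                         # one line: "<type> <base64> [comment]"
    home_dir=${2:-$HOME}                # home of the account that accepts the key
    ssh_dir=$home_dir/.ssh
    auth_file=$ssh_dir/authorized_keys
    nl='
'
    # A public key is a single line; a pasted private key file is not.
    case $key_line in
        *"$nl"*) echo "rejected: more than one line" >&2; return 2 ;;
    esac
    key_type=${key_line%% *}
    rest=${key_line#* }
    key_blob=${rest%% *}
    case $key_type in
        ssh-rsa|ssh-ed25519|ecdsa-sha2-nistp256|ecdsa-sha2-nistp384|ecdsa-sha2-nistp521) ;;
        *) echo "rejected: not a public key line" >&2; return 2 ;;
    esac
    # The blob is base64 and always begins with AAAA (a 4-byte length field).
    case $key_blob in
        *[!A-Za-z0-9+/=]*) echo "rejected: malformed key data" >&2; return 2 ;;
        AAAA*) ;;
        *) echo "rejected: malformed key data" >&2; return 2 ;;
    esac
    mkdir -p "$ssh_dir" && chmod 0700 "$ssh_dir" || return 1
    # 0600 is tighter than the 0644 used above; sshd accepts either.
    touch "$auth_file" && chmod 0600 "$auth_file" || return 1
    # Match on the key data so a changed comment does not add a duplicate.
    if grep -qF -- "$key_blob" "$auth_file"; then
        echo "already present"; return 0
    fi
    # Do not glue the new key onto an unterminated last line.
    if [ -s "$auth_file" ] && [ -n "$(tail -c 1 "$auth_file")" ]; then
        echo >> "$auth_file"
    fi
    printf '%s\n' "$key_line" >> "$auth_file"
    echo "added"
}

# Constructed sample key (not a real key) installed into a throwaway home.
SAMPLE_KEY='ssh-rsa AAAAB3NzaC1yc2EAAAADAQABCONSTRUCTEDSAMPLE user@example'
demo_home=$(mktemp -d)
install_pubkey "$SAMPLE_KEY" "$demo_home"    # prints: added
install_pubkey "$SAMPLE_KEY" "$demo_home"    # prints: already present
```

On a real server, call it with the contents of id_rsa.pub and omit the second argument to use the current user's home directory.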

Note:

SSH keys will not work if SELinux is enabled. Disable SELinux by opening the file /etc/selinux/config, finding SELINUX=enforcing and replacing it with SELINUX=disabled. Then type the command "reboot" to reboot the server. If you use Centminmod, you do not need to turn SELinux off because it is already disabled.

To check whether it works, log in over SSH as the user you added the SSH key for. If you log in from Linux, it asks for your keyphrase. If you log in from Windows with software such as PuTTY, you must point it at the private key file for authentication.


If you use MobaXterm, set it under Advanced SSH settings, in the Use private key field.

Now log in and it asks for the keyphrase (if you set one). If you did not set a keyphrase, it takes you straight to the server.

4. Disable the use of passwords

After checking that you can log in to the server with the SSH key, you can disable the use of passwords. If you do not turn it off, an attacker can still run a brute-force attack and you can still lose data.

To disable the use of passwords, open the file /etc/ssh/sshd_config and edit the values of the parameters as shown below:

PasswordAuthentication no

UsePAM no
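A check that the setting above really takes effect, as an added example that is not part of the original post. It relies on two sshd_config rules: the first occurrence of a keyword wins, and a Match block can override the global value. The function name audit_password_login and both sample files are constructed.

```shell
# Added example: audit_password_login and both sample files are constructed.
audit_password_login() {
    # $1 = path to an sshd_config file; returns 0 only if password login is off.
    awk '
        /^[ \t]*#/ || /^[ \t]*$/ { next }               # comments and blank lines
        { sub(/=/, " "); key = tolower($1); val = $2 }  # keywords ignore case
        key == "match" { in_match = 1; next }
        key != "passwordauthentication" { next }
        in_match { if (val == "yes") match_yes = 1; next }
        !seen { seen = 1; global = val }                # first occurrence wins
        END {
            if (!seen) global = "yes (default, not set)"
            print "global PasswordAuthentication: " global
            if (match_yes) print "a Match block sets PasswordAuthentication yes"
            exit !(global == "no" && !match_yes)
        }
    ' "$1"
}

weak=$(mktemp)
fixed=$(mktemp)
# Constructed sample: the "no" line is added too late, the earlier "yes" wins.
cat > "$weak" <<'EOF'
PasswordAuthentication yes
UsePAM yes
PasswordAuthentication no
EOF
# Constructed sample using the two values given on this page.
cat > "$fixed" <<'EOF'
PasswordAuthentication no
UsePAM no
EOF
audit_password_login "$weak"  || echo "weak sample: password login still possible"
audit_password_login "$fixed" && echo "fixed sample: password login disabled"
```

Point it at /etc/ssh/sshd_config on the server; files pulled in by Include directives are not followed.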
