Authorization in a server using a key

Many administrators when they working with servers trying to remember or to write a password. But it’s can be not really safe. And better in any case to setup authorization on a server using a key. How to make it I will tell below:

First of all, we need to make new user. For example, let’s name him servadm. You can choose any name. Adding the user via this command:

# adduser servadm

Create new key (with the name “key” and with empty passphrase):

# ssh-keygen

Copy to your local PC the file “key” with the name ‘server.pem”, then generated files copy to /home/serveradm/.ssh

After that let’s add the key to work:

# chmod -R 777 /home/servadm
# ssh-copy-id -i /home/servadm/.ssh/key.pub servadm@localhost

And then let’s change access to important for login files:

# chown -R servadm /home/servadm/.ssh
# chmod 700 /home/servadm/.ssh/
# chmod 600 /home/servadm/.ssh/authorized_keys

Let’s login through user servadm and change also access to files:

# ssh servadm@localhost
# chmod go-w ~/
# chmod 700 ~/.ssh
# chmod 600 ~/.ssh/authorized_keys

# exit

Then add user servadm to sudo users:

# nano /etc/sudoers

To the end of the file add:

servadm ALL=(ALL) NOPASSWD: ALL

Then restart sudo service:

# /etc/init.d/sudo restart

And after that reconfigure SSH:

# nano /etc/ssh/sshd_config

Change some lines to this:

RSAAuthentication yes
PubkeyAuthentication yes
PasswordAuthentication no
PermitEmptyPasswords no

PermitRootLogin no

Then uncomment a line with “AuthorizedKeysFile“.

And restart SSH:

# /etc/init.d/ssh restart

Try to connect to server in another terminal using this command:

# ssh -i “C:sshkeysserver.pem” servadm@<server-ip> -p 22

If connected, switch to root:

# sudo -i

That’s it! Enjoy!

(Visited 8 times, 1 visits today)