How to secure your server with private key login authentication. (As like AWS EC2)

How to secure your server with private key login authentication. (As like AWS EC2) post thumbnail image

If you already using EC2 instances on AWS then you aware of how to access the EC2 machine. Whenever you create a new instance on AWS you need to create a new key (or use an existing old key) to login to your server through SSH.

This private key has a .pem extension, with this private key you can log in to your remote server without any password. So If anyone wants to access your server they should have this private key. You can also implement the same secure connection on your own Linux servers or VMs.

Before generating keys you need change some settings on /etc/ssh/sshd_config file. Open file make sure these two lines are configured as showing below.

[linoide@linoide ~]$ sudo vim /etc/ssh/sshd_config
PasswordAuthentication no
PubkeyAuthentication yes

Warning: If you don’t have physical access of your remote server then don’t logout before completing this full process. Because you are disabled login with password authentication as NO. You can’t access your server using ssh if you logged out before completing ssh key process.

Now run “su” on remote server with the user in which you want to generate private key.

Step 1: Generate SSH key on server using below command.

# ssh-keygen -t rsa 

It will prompt for key location and passphrase. If you want change them you can or else keep as default.

Step 2: Now copy generated public key to authorized_keys list.

# cat /home/linoide/.ssh/id_rsa.pub >> /home/linoide/.ssh/authorized_keys

Step 3: Set permissions for the files

# chmod 644 /home/anand/.ssh/authorized_keys

Step 4: Now you have to download private key to your local machine. Before that, rename your file as “filename.pem” format.

# scp -r /home/linoide/.ssh/linoide.pem root@<yourserver-ip>:/root/

Step 6: Now login with private key to remote server without password.

You can see in the above image that linoide host logged in from localhost without asking any password.

Suggestions: If you want more secure your connection then you can also change the default port(22) of SSH to any custom port.

How to login with private key using PUTTY.

What if you need to login your remote server from windows server!!

We all use well known PUTTY tool for that. Here we will discuss how to login with private key using PUTTY.

Open PuTTY Key Generator on windows and upload your private .pem file.

Open putty key generator >> Load >> choose file

After file upload, a pop-up will come on display as shown in the below image.

Now download private key by clicking on “save private key”.

Now you are ready to login your host using private key on via PuTTY. Open putty and provide user name and host details.

Extract “SSH” on the left side bar and click on “Auth”

Upload your private key which we generated by PuTTY key generator. And click on “Open” button.

That’s it!!

Leave a Reply

Your email address will not be published. Required fields are marked *

Related Post