Step-by-step instructions to secure your Linux VPS with SSH key-based authentication.
Introduction
Securing your SSH connection protects your Linux VPS from unauthorized access. This guide will show you how to set up SSH key-based authentication, which provides a more secure way to connect to your server than password-based authentication.
Step 1: Generate SSH Key Pair
Generating an SSH key pair on your local machine involves creating a pair of cryptographic keys—a public key and a private key.
On Your Local Machine, Generate SSH Keys:
Open your terminal on your local machine and run the following command to generate a new SSH key pair:
ssh-keygen -t rsa -b 4096 -C "[email protected]"This command creates a 4096-bit RSA key pair. Replace “[email protected]” with your actual email address.
Save the Key Pair:
Follow the prompts to save the key pair to a secure location on your local machine. By default, the keys are saved in the ~/.ssh directory. You will be asked to provide a file name and a passphrase for added security. Press Enter to use the default file name.
Step 2: Copy the Public Key to VPS
Next, you need to transfer the public key to your VPS so that it can recognize and authenticate your key.
Use SSH-Copy-ID:
Use the ssh-copy-id command to copy your public key to the VPS:
ssh-copy-id username@your_vps_ipReplace username with your VPS username and your_vps_ip with the IP address of your VPS. This command appends your public key to the ~/.ssh/authorized_keys file on your VPS.
Step 3: Configure SSH on VPS
Configure the SSH daemon on your VPS to enhance security by enabling key-based authentication and disabling password-based authentication.
Edit SSH Config File:
Open the SSH configuration file on your VPS:
sudo nano /etc/ssh/sshd_config Locate the following lines and make sure they are set as shown:
PasswordAuthentication no
PubkeyAuthentication yes
This disables password authentication and ensures public key authentication is enabled.
Restart SSH Service:
After making changes to the SSH configuration file, restart the SSH service to apply the changes:
sudo systemctl restart sshConclusion
Your Linux VPS is now secured with SSH key-based authentication. Only users with the corresponding private key can access your server, significantly enhancing its security. Be sure to keep your private key secure and never share it with anyone.