Open DevShivmohan opened 2 years ago
Run `ssh-keygen` in the Linux terminal of your local machine:
binay@binay-ThinkPad-E480:~$ ssh-keygen
Generating public/private rsa key pair.
Enter file in which to save the key (/home/binay/.ssh/id_rsa):
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /home/binay/.ssh/id_rsa
Your public key has been saved in /home/binay/.ssh/id_rsa.pub
The key fingerprint is:
SHA256:R82EA9tJ5mo89yJj9cVPji5ukuQV8fCM8O4CsskM5XM binay@binay-ThinkPad-E480
The key's randomart image is:
+---[RSA 3072]----+
| ..o.. |
| *+=o |
| . =+oB |
| .. o +.+ |
| o S +. .o .|
| . +.E=.oo. = |
| + *++.+o . o|
| =. o=.+. |
| =... |
+----[SHA256]-----+
Run `cat ~/.ssh/id_rsa.pub` in your local machine terminal:
binay@binay-ThinkPad-E480:~$ cat ~/.ssh/id_rsa.pub
ssh-rsa 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 binay@binay-ThinkPad-E480
How to check which key was used to access the server
Login to server
Type sudo cat /var/log/auth.log in terminal
System displays the following
Jan 6 12:28:45 ubuntu-s-1vcpu-1gb-blr1-01 sshd[2120]: Connection from 49.37.5.172 port 51182 on 159.65.158.191 port 50162 rdomain ""
Jan 6 12:28:46 ubuntu-s-1vcpu-1gb-blr1-01 sshd[2120]: Accepted key RSA SHA256:R82EA9tJ5mo89yJj9cVPji5ukuQV8fCM8O4CsskM5XM found at /home/lattice/.ssh/authorized_keys:1
Jan 6 12:28:46 ubuntu-s-1vcpu-1gb-blr1-01 sshd[2120]: Postponed publickey for lattice from 49.37.5.172 port 51182 ssh2 [preauth]
Jan 6 12:28:46 ubuntu-s-1vcpu-1gb-blr1-01 sshd[2120]: Accepted key RSA SHA256:R82EA9tJ5mo89yJj9cVPji5ukuQV8fCM8O4CsskM5XM found at /home/lattice/.ssh/authorized_keys:1
Jan 6 12:28:46 ubuntu-s-1vcpu-1gb-blr1-01 sshd[2120]: Accepted publickey for lattice from 49.37.5.172 port 51182 ssh2: RSA SHA256:R82EA9tJ5mo89yJj9cVPji5ukuQV8fCM8O4CsskM5XM
R82EA9tJ5mo89yJj9cVPji5ukuQV8fCM8O4CsskM5XM is the SHA256 fingerprint of the user's public key.
To match it with the authorized keys on the system:
Create an individual file for each key, say key1.pub
Navigate to the folder where the file key1.pub was created
Run the command `ssh-keygen -l`
It will prompt for a file name. Enter key1.pub, and repeat for each key file until you find a match with the fingerprint from the log
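The matching procedure above can be automated. The following is an added example (not part of the original post) that computes the SHA256 fingerprint of every entry in an authorized_keys file and matches it against the `Accepted publickey` lines in auth.log; the sample keys, addresses and log lines are constructed, and the function names are hypothetical.

```python
import base64, hashlib, re, struct

ACCEPTED = re.compile(r"Accepted publickey for (\S+) from (\S+) port \d+ ssh2: \S+ (SHA256:\S+)")

def fingerprint(b64_blob):
    # Same value sshd logs: base64(SHA-256(raw key blob)) with '=' padding stripped.
    digest = hashlib.sha256(base64.b64decode(b64_blob)).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")

def index_authorized_keys(text):
    # fingerprint -> (line number, comment); line numbers match "authorized_keys:N" in the log.
    index = {}
    for lineno, line in enumerate(text.splitlines(), 1):
        fields = line.split()
        if not fields or fields[0].startswith("#"):
            continue
        for i, field in enumerate(fields[:-1]):
            # The key type may follow an options field such as from="..." or command="...".
            if field.startswith(("ssh-", "ecdsa-", "sk-")):
                try:
                    index[fingerprint(fields[i + 1])] = (lineno, " ".join(fields[i + 2:]))
                except ValueError:
                    pass  # not valid base64: malformed entry, skip it
                break
    return index

def match_logins(log_text, index):
    # One (user, source address, fingerprint, authorized_keys entry or None) per accepted login.
    return [(m[1], m[2], m[3], index.get(m[3])) for m in ACCEPTED.finditer(log_text)]

def demo_key(seed, comment):
    # Constructed ed25519-style blob (not a real key): length-prefixed type + 32 key bytes.
    blob = struct.pack(">I", 11) + b"ssh-ed25519" + struct.pack(">I", 32) + bytes([seed]) * 32
    return "ssh-ed25519 " + base64.b64encode(blob).decode() + " " + comment

SAMPLE_KEYS = "# constructed authorized_keys\n" + demo_key(1, "alice@laptop") + "\n" \
    + 'from="203.0.113.0/24" ' + demo_key(2, "bob@desktop") + "\n"
BOB_FP = fingerprint(demo_key(2, "").split()[1])
SAMPLE_LOG = (  # constructed auth.log lines in the format shown above
    "Jan 6 12:28:46 host sshd[2120]: Accepted publickey for lattice from 203.0.113.7 "
    "port 51182 ssh2: ED25519 " + BOB_FP + "\n"
    "Jan 6 13:02:10 host sshd[2311]: Accepted publickey for lattice from 203.0.113.9 "
    "port 40022 ssh2: ED25519 SHA256:" + "A" * 43 + "\n")

if __name__ == "__main__":
    for user, src, fp, entry in match_logins(SAMPLE_LOG, index_authorized_keys(SAMPLE_KEYS)):
        print(user, src, fp, entry or "NO MATCH in authorized_keys")
```

A login whose fingerprint has no entry in the index was accepted with a key that is no longer in that authorized_keys file, or that comes from a different key file.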
Step 1
`ssh root@159.65.158.191` (use the server IP assigned). At the password prompt, enter the password created at the time of droplet creation
Step 2
Run `adduser <username>` in terminal
Step 3
Run `usermod -aG sudo lattice` in terminal. Use the username created in the above step in place of lattice
Step 4 : Copy local key to server (first time)
`su - lattice` where lattice is the username created
mkdir ~/.ssh
chmod 700 ~/.ssh
nano ~/.ssh/authorized_keys
Copy the local public key into the authorized_keys file
chmod 600 ~/.ssh/authorized_keys
Step 5 : Disable password login
sudo nano /etc/ssh/sshd_config
Set `PasswordAuthentication no`, `PubkeyAuthentication yes` and `ChallengeResponseAuthentication no`
Set `LogLevel VERBOSE`
Run `sudo systemctl reload sshd` for the changes to take place
Step 6 : Change default ssh port number
Run `sudo nano /etc/ssh/sshd_config` on the remote server terminal
Change `#Port 22` to a port in the range 49152-65535
Run `sudo systemctl reload sshd` for the changes to take place
ssh username@userIP -p 49160
The -p argument has to be passed after the default port is changed
Note