Basic openssh server/client configuration with ssh keys
How to configure an openssh server for a basic, OK level of security. Be careful not to lock yourself out of your server.
apt-get install openssh-server if you don't have it running already.
Set up ssh keys
As a regular user on the machine you use to control your server type
cd ~/.ssh then
ssh-keygen If you have no previously set up keys, go for the default options. If you already have keys, change the defaults so the existing key is not overwritten. You will be asked for a passphrase; this is optional but recommended, as the key will be protected by the passphrase.
To copy public key to your server
ssh-copy-id -i id_rsa userx@server or edit the remote
~/.ssh/authorized_keys and add the content of the public key file (id_rsa.pub), never the private key.
Set up local ssh config to use keys
Host VPS
    HostName designdesk.org
    IdentityFile ~/.ssh/vps
    User userx

Host server1
    HostName 192.168.0.17
    IdentityFile ~/.ssh/id_rsa
    User userx
    Port 3342

Host server2
    HostName 192.168.0.12
    IdentityFile ~/.ssh/server2
    User userz
Then simply use
ssh VPS or
ssh server1 etc.
ssh-keygen -p to change the passphrase of the key
ssh -i PATH/TO/PRIVATE_KEY 192.168.0.17 to connect with a key without any configuration
Configure openssh server
In /etc/ssh/sshd_config replace
Port 22 with
Port 3342 (pick a port of your choice, optional)
Around line 28 replace
PermitRootLogin without-password with
PermitRootLogin no to disable direct root login via ssh.
A couple lines after that add
AllowUsers userx This will allow only userx to log in via ssh. Use carefully.
Around line 52 replace
#PasswordAuthentication yes with
PasswordAuthentication no This disables password authentication. Make sure ssh key login works before you set it that way.
For faster login add
UseDNS no at the end
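Before applying the changes, a check like the following can confirm that the edited file really holds the settings described above and that your own account is still allowed in. It is an added example, not part of the original page: the function names and the sample file are constructed, and it assumes a single AllowUsers line with plain user names and no Include or Match blocks.

```shell
#!/bin/sh
# Added example: audit an sshd_config for the settings this page recommends.
# Assumptions: no Include files or Match blocks, one AllowUsers line.

# Print the effective value of keyword $2 in file $1.
# sshd uses the first value it reads; keywords are case-insensitive.
sshd_effective() {
    awk -v key="$2" '
        /^[ \t]*#/ || /^[ \t]*$/ { next }   # skip comments and blank lines
        tolower($1) == tolower(key) {
            $1 = ""; sub(/^[ \t]+/, ""); print; exit
        }' "$1"
}

# Check file $1 against the hardening steps for login user $2.
# Prints one line per finding; the return code is the number of findings.
audit_sshd() {
    file=$1 user=$2 findings=0
    for key in PermitRootLogin PasswordAuthentication; do
        val=$(sshd_effective "$file" "$key")
        low=$(printf %s "$val" | tr 'A-Z' 'a-z')
        if [ "$low" != "no" ]; then
            # A commented-out or missing line means the built-in default applies.
            echo "FINDING: $key is '${val:-unset}', expected 'no'"
            findings=$((findings + 1))
        fi
    done
    allow=$(sshd_effective "$file" AllowUsers)
    case " $allow " in
        *" $user "*) ;;
        "  ") echo "FINDING: AllowUsers not set, any account may log in"
              findings=$((findings + 1)) ;;
        *)    echo "FINDING: AllowUsers '$allow' omits $user (lockout risk)"
              findings=$((findings + 1)) ;;
    esac
    return "$findings"
}

# Constructed sample: password line still commented out, wrong AllowUsers.
sample=$(mktemp)
cat > "$sample" <<'EOF'
Port 3342
PermitRootLogin no
#PasswordAuthentication yes
AllowUsers userz
UseDNS no
EOF
audit_sshd "$sample" userx || echo "findings: $?"
```

Run audit_sshd against /etc/ssh/sshd_config with your own login name, and keep an existing session open until a new key-based login has succeeded. sshd -t additionally checks the file for syntax errors.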
Apply new configuration