Basic openssh server/client configuration with ssh keys

How to basically configure openssh server for an ok security level. Be careful not to lock yourself out of your server.

Install openssh

apt-get install openssh-server if you don't have it running already.

Set up ssh keys

As a regular user on the machine you use to control your server type cd ~/.ssh then ssh-keygen if you have no previously set up keys, go for default options. If you have, change the defaults. You will be asked for a passphrase, this is optional but recommended. The key will be protected by the passphrase.

To copy public key to your server ssh-copy-id -i id_rsa userx@server or edit remote ~/.ssh/authorized_keys and add content from private key file.

Set up local ssh config to use keys

Local configuration nano ~/.ssh/config

Host VPS
IdentityFile ~/.ssh/vps
User userx

Host server1
IdentityFile ~/.ssh/id_rsa
User userx
Port 3342

Host server2
IdentityFile ~/.ssh/server2
User userz

Then simply use ssh VPS or ssh server1 ect...

ssh-keygen -p to change passphrase from the key

ssh -i PATH/TO/PRIVATE_KEY To connect with key without configuration

Configure openssh server

As root nano /etc/ssh/sshd_config

Replace Port 22 with Port 3342 (pick a port of your choice, optional)

Around line 28 replace PermitRootLogin without-password with PermitRootLogin no to disable direct root login via ssh.

A couple lines after that add AllowUsers userx This will allow only userx to login from ssh. Use carefully.

Around line 52 replace #PasswordAuthentication yes with PasswordAuthentication no

This disables password authentification. Make sure ssh key login works before you set it that way.

For faster login add UseDNS no at the end

Apply new configuration /etc/init.d/ssh restart