Basic openssh server/client configuration with ssh keys
How to configure an OpenSSH server for a reasonable baseline level of security. Be careful not to lock yourself out of your server.
Install openssh
apt-get install openssh-server
if you don't have it running already.
Set up ssh keys
As a regular user on the machine you use to control your server type cd ~/.ssh
then ssh-keygen
If you have no previously set up keys, accept the default options. If you have, change the defaults so the existing key is not overwritten. You will be asked for a passphrase; this is optional but recommended. The key will be protected by the passphrase.
To copy the public key to your server ssh-copy-id -i id_rsa userx@server
or edit the remote ~/.ssh/authorized_keys
and add the content of the public key file (the .pub file, not the private key).
Set up local ssh config to use keys
Local configuration nano ~/.ssh/config
Host VPS
    HostName designdesk.org
    IdentityFile ~/.ssh/vps
    User userx

Host server1
    HostName 192.168.0.17
    IdentityFile ~/.ssh/id_rsa
    User userx
    Port 3342

Host server2
    HostName 192.168.0.12
    IdentityFile ~/.ssh/server2
    User userz
Then simply use ssh VPS
or ssh server1
etc.
ssh-keygen -p
to change the passphrase of the key
ssh -i PATH/TO/PRIVATE_KEY 192.168.0.17
to connect with a key without a configuration entry
Configure openssh server
As root nano /etc/ssh/sshd_config
Replace Port 22
with Port 3342
(pick a port of your choice, optional)
Around line 28 replace PermitRootLogin without-password
with PermitRootLogin no
to disable direct root login via ssh.
A couple lines after that add AllowUsers userx
This will allow only userx to log in via ssh. Use carefully.
Around line 52 replace #PasswordAuthentication yes
with PasswordAuthentication no
This disables password authentication. Make sure ssh key login works before you set it that way.
For faster login add UseDNS no
at the end
Apply new configuration /etc/init.d/ssh restart
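To avoid locking yourself out, the edited file can be checked before the restart. The script below is an added example, not part of the original page: it reads an sshd_config the way sshd does (keywords are case-insensitive, the first occurrence wins, commented-out lines are ignored) and reports whether the settings from this page are in effect. The function names and the sample file are made up for the example.

```shell
#!/bin/sh
# Added example. Assumptions: only the global section is read (parsing stops
# at the first Match block) and Include files are not followed.

# Print the effective global value of keyword $2 in file $1.
# sshd keywords are case-insensitive and the first occurrence wins.
sshd_value() {
    awk -v key="$2" '
        BEGIN { key = tolower(key) }
        /^[ \t]*#/ || NF == 0 { next }     # comments and blank lines
        tolower($1) == "match" { exit }    # end of the global section
        tolower($1) == key { $1 = ""; sub(/^[ \t]+/, ""); print; exit }
    ' "$1"
}

# check FILE KEYWORD EXPECTED: report one keyword, return 1 on mismatch.
check() {
    actual=$(sshd_value "$1" "$2")
    if [ "$actual" = "$3" ]; then
        echo "ok    $2 $actual"
    else
        echo "FAIL  $2 is '${actual:-unset}', expected '$3'"
        return 1
    fi
}

# Audit FILE for the settings from this page; return the number of failures.
audit_sshd_config() {
    fails=0
    check "$1" PermitRootLogin no        || fails=$((fails + 1))
    check "$1" PasswordAuthentication no || fails=$((fails + 1))
    check "$1" UseDNS no                 || fails=$((fails + 1))
    users=$(sshd_value "$1" AllowUsers)  # any non-empty list passes; review it
    if [ -n "$users" ]; then
        echo "ok    AllowUsers $users"
    else
        echo "FAIL  AllowUsers is unset"; fails=$((fails + 1))
    fi
    return "$fails"
}

# Constructed sample: the commented-out line does not count as a setting.
sample=$(mktemp)
printf '%s\n' 'Port 3342' 'PermitRootLogin no' 'AllowUsers userx' \
    '#PasswordAuthentication yes' 'UseDNS no' > "$sample"
audit_sshd_config "$sample" || echo "failed checks: $?"
rm -f "$sample"
```

On the server, sshd -t additionally checks the file for syntax errors. Keep your current ssh session open and test a new login in a second terminal after the restart.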