onsa
2/4/2017 - 4:10 PM

Handle security keys


# generate keypair on your LOCAL machine  (https://help.ubuntu.com/community/SSH/OpenSSH/Keys)

  ssh-keygen
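  # -t [dsa|ecdsa|ed25519|rsa|rsa1] specifies the key type (the signature algorithm, not an encryption protocol)
  #    prefer ed25519, or rsa with a large -b; dsa and rsa1 are obsolete and no longer supported by current OpenSSH
  # -b [bits] specifies the key length (applies to rsa/ecdsa; ed25519 keys have a fixed length)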
  # -C "[label]" to make key human-identifiable
  # when prompted for directory
  
    ~/.ssh/[keyname]
    
  # enter a passphrase for extra security: it encrypts the private key on disk, so a copied key file is not usable on its own

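# restrict permissions, otherwise ssh refuses to use the key ("UNPROTECTED PRIVATE KEY FILE")
# note on the group modes below: a group-readable private key lets every group member authenticate as that key,
#       and ssh rejects such a key for its owner; prefer one keypair per user over a shared private key
# sudo is not needed for files in your own home directory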

  sudo chmod 700 ~/.ssh               # 770 if keys are used by a group
  sudo chmod 400 ~/.ssh/[keyname]     # 440 if key is used by a group
  sudo chmod 400 ~/.ssh/[keyname].pub # 440 if key is used by a group

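# add the public key (the .pub file only; the private key never leaves the LOCAL machine) to SERVER's ~/.ssh/authorized_keys
#   e.g. ssh-copy-id -i ~/.ssh/[keyname].pub [user]@[server]
# set permissions otherwise keys WON'T WORK (sshd's StrictModes ignores the file if it or ~/.ssh is writable by group or others)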

  sudo chmod 700 .ssh
  sudo chmod 600 .ssh/authorized_keys
  # if no home directory exists for the user, the location of authorized_keys can be changed with AuthorizedKeysFile in /etc/ssh/sshd_config

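# for disabling non-keyed connections, first confirm that key login works, then edit /etc/ssh/sshd_config and add/edit the line
# (keyboard-interactive logins are a separate setting: ChallengeResponseAuthentication / KbdInteractiveAuthentication)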

  PasswordAuthentication no

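# check the config for errors (sudo sshd -t) and restart; keep the current session open and test a new login before closing it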

  sudo service ssh restart