SSH Key Authentication on Debian 7


Thankfully, we have the tutorial for FreeBSD by Shogun here: http://metin2dev.org/board/topic/183-basic-ssh-security/
 
Today's example should work on Ubuntu and some other OSes as well. This example is based on Debian 7 Wheezy. It's almost an identical process.
 
1. Add the new user account and restrict sudo usage. Be root user before continuing!

# adduser roman

This will prompt the user for input; you can leave it all at the defaults. Type in a password when prompted.

# nano /etc/pam.d/su

Go down and uncomment the following line:

#auth       required pam_wheel.so

CTRL+X, Y, Enter.
 
2. Permit the new user account to use the wheel group with root privileges:

# groupadd wheel
# usermod -G wheel roman

3. Create your private key and configure WinSCP to use it.

# cd /home
# chown -R roman:wheel roman/
# su roman
# ssh-keygen

Accept all defaults with enter.

# cd roman/.ssh
# mv id_rsa.pub authorized_keys
# cat id_rsa

Copy the entire output (including the comments) by highlighting it in PuTTY, then paste it into a text file and save it. Download this program: https://www.puttygen.com/

 

Run puttygen and click "Load" then select "All Files" from the file dialog and select the text file you saved the key to. Click "Save Private Key" and select "Yes" on the popup regarding password.

 

Now open WinSCP and add a new connection with the same IP address but with the new user name (in our example, "roman"). Click "Advanced" then click "Authentication". Click the three dots ("...") and select the ppk file you saved using puttygen. Click "OK" then save your connection.

 

4. Disable root login and password authentication.

# su root

Enter the root password when prompted.

# nano /etc/ssh/sshd_config

Go down to the line called "PermitRootLogin" and change its value to "no".

Go down to the line called "PasswordAuthentication" and change its value to "no". Uncomment this line.

CTRL+X, Y, Enter.

 

Now restart the ssh service and you're done.

# service ssh restart

If you're unsure about what you're doing, I recommend leaving an extra root terminal open in PuTTY so if something goes wrong you can reverse your changes.
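
A check for step 4, added here as an example and not part of the original post: it reports the value sshd would take for "PermitRootLogin" and "PasswordAuthentication" from a config file, which catches a line that was edited but left commented out. The function names and the two sample configs are constructed for illustration, and the parser assumes whitespace-separated `Keyword value` lines.

```shell
#!/bin/sh
# effective_value FILE KEYWORD
# Prints the value sshd would use from the global section of FILE.
# sshd keeps the first value it reads for a keyword, keywords are
# case-insensitive, and lines starting with "#" are ignored. Parsing stops
# at the first "Match" block because those lines apply only conditionally.
effective_value() {
    awk -v want="$2" '
        BEGIN { want = tolower(want) }
        /^[ \t]*#/ || NF == 0 { next }
        tolower($1) == "match" { exit }
        tolower($1) == want { print tolower($2); exit }
    ' "$1"
}

# check_hardening FILE
# Returns 0 only if both settings from step 4 are explicitly "no".
# An unset keyword falls back to sshd's built-in default, so it fails the check.
check_hardening() {
    rc=0
    for key in PermitRootLogin PasswordAuthentication; do
        val=$(effective_value "$1" "$key")
        [ -n "$val" ] || val="unset"
        echo "$key: $val"
        [ "$val" = "no" ] || rc=1
    done
    return $rc
}

# Constructed sample configs (not taken from a real server).
sample_dir=$(mktemp -d)
# Root login disabled, but the password line is still commented out.
cat > "$sample_dir/half_done" <<'EOF'
PermitRootLogin no
#PasswordAuthentication yes
EOF
# Both set; the later duplicate is ignored because the first value wins.
cat > "$sample_dir/done" <<'EOF'
PermitRootLogin no
PasswordAuthentication no
PasswordAuthentication yes
EOF

check_hardening "$sample_dir/half_done" || echo "=> step 4 is incomplete"
check_hardening "$sample_dir/done" && echo "=> both settings are in effect"
```

Run `check_hardening /etc/ssh/sshd_config` before `service ssh restart`, while the spare root terminal is still open.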
