
SSH Key Authentication on Debian 7



Thankfully, we have the tutorial for FreeBSD by Shogun here: http://metin2dev.org/board/topic/183-basic-ssh-security/
 
Today's example should work on Ubuntu and some other OSes as well. This example is based off Debian 7 Wheezy. It's almost an identical process.
 
1. Add the new user account and restrict sudo usage. Be root user before continuing!

# adduser roman

This will prompt the user for input; you can leave it all default. Type in a password when prompted.

# nano /etc/pam.d/su

Go down and uncomment the following line:

#auth       required pam_wheel.so

CTRL+X, Y, Enter.
 
2. Permit the new user account to use the wheel group with root privileges:

# groupadd wheel
# usermod -G wheel roman

3. Create your private key and configure WinSCP to use it.

# cd /home
# chown -R roman:wheel roman/
# su roman
# ssh-keygen

Accept all defaults with enter.

# cd roman/.ssh
# mv id_rsa.pub authorized_keys
# cat id_rsa

Copy the entire output (including the comments) by highlighting it in PuTTY, then paste it into a text file and save it. Download this program:


Run puttygen and click "Load" then select "All Files" from the file dialog and select the text file you saved the key to. Click "Save Private Key" and select "Yes" on the popup regarding password.

 

Now open WinSCP and add a new connection with the same IP address but with the new user name (in our example, "roman"). Click "Advanced" then click "Authentication". Click the three dots ("...") and select the ppk file you saved using puttygen. Click "OK" then save your connection.

 

4. Disable root login and password authentication.

# su root

Enter the root password when prompted.

# nano /etc/ssh/sshd_config

Go down to the line called "PermitRootLogin" and change its value to "no".

Go down to the line called "PasswordAuthentication" and change its value to "no". Uncomment this line.

CTRL+X, Y, Enter.

 

Now restart the ssh service and you're done.

# service ssh restart

If you're unsure about what you're doing, I recommend leaving an extra root terminal open in PuTTY so if something goes wrong you can reverse your changes.

Link to comment
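
A check for step 4 of the post above, as an added example that is not part of the original post: it reads an sshd_config-style file and reports the value sshd will use in the global section, catching a line left commented, a duplicate where an earlier value wins, and a setting that appears only inside a Match block. The function names and the sample files are constructed for illustration.

```sh
#!/bin/sh
# Added example: which value will sshd use for a keyword in the global section?
# sshd keeps the FIRST uncommented occurrence; keyword names are case-insensitive.

# effective_value KEYWORD FILE -> prints the value, or "unset" (built-in default applies)
effective_value() {
    awk -v want="$1" '
        BEGIN { want = tolower(want); val = "unset" }
        /^[ \t]*(#|$)/          { next }                      # comment or blank line
        tolower($1) == "match"  { exit }                      # conditional block: stop
        tolower($1) == want     { val = tolower($2); exit }   # first occurrence wins
        END { print val }
    ' "$2"
}

# check_hardening FILE -> returns 0 only if both settings from step 4 are "no"
check_hardening() {
    rc=0
    for kw in PermitRootLogin PasswordAuthentication; do
        v=$(effective_value "$kw" "$1")
        if [ "$v" = "no" ]; then
            echo "ok:   $kw no"
        else
            echo "FAIL: $kw is '$v', want 'no'"
            rc=1
        fi
    done
    return $rc
}

# Constructed sample configs (hypothetical, not taken from a real host).
tmp=$(mktemp -d)
printf '%s\n' 'PermitRootLogin no' '#PasswordAuthentication no' > "$tmp/commented"
printf '%s\n' 'PermitRootLogin yes' 'PasswordAuthentication no' \
              'PermitRootLogin no' > "$tmp/duplicate"
printf '%s\n' 'PermitRootLogin no' 'Match User roman' \
              '    PasswordAuthentication no' > "$tmp/match_only"
printf '%s\n' 'permitrootlogin no' 'PasswordAuthentication no' > "$tmp/good"

for f in commented duplicate match_only good; do
    echo "== $f"
    check_hardening "$tmp/$f" || true
done
```

On the server itself, point check_hardening at /etc/ssh/sshd_config before restarting the service; `sshd -t` separately validates the file's syntax.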

If you can make it run on linux, sure.

 

Otherwise you may choose to run website/patcher or other things on it that are needed for your server such as a seedbox for torrents or another http download mirror.
