SSH, Permissions and Security
- Harden Access
- Setup SSH Authentication for Git Bash on Windows - Configure SSH for Git Hosting Server.
- Trouble Shooting
Syntax | Action |
---|---|
source ~/.bash_aliases | reload the Bash aliases |
Harden Access
It is generally recommended to add authorized_keys to a specific user rather than the root user. Adding authorized_keys to a regular user account allows that user to log in to the server using SSH without requiring a password. This is a more secure approach because it limits the exposure of the server to potential attacks.
By contrast, giving root access to SSH is not considered good security practice as it can increase the risk of a successful attack on the server. If an attacker were to gain access to the root user account, they would have full control over the system, which could result in serious consequences.
In summary, it is best to create a regular user account with SSH access and add the SSH key to that user's authorized_keys file, rather than allowing root access via SSH.
Create SSH Key
# Lists the files in your .ssh directory, if they exist
ls -al ~/.ssh
# generate ssh key (-b 4096 is the key length)
ssh-keygen -b 4096
# view key
cat ~/.ssh/id_rsa.pub
Upload the public key to server
# create directory and set user permissions
mkdir -p ~/.ssh && sudo chmod -R 700 ~/.ssh/
# copy key from local computer
scp ~/.ssh/id_rsa.pub example_user@203.0.113.10:~/.ssh/authorized_keys
Disable Root Access and Password Access
# disable passwords in sshd_config
sudo nano /etc/ssh/sshd_config
# update to
PubkeyAuthentication yes
PermitRootLogin no
PasswordAuthentication no
# restart ssh service
sudo service sshd restart
Setup SSH Authentication for Git Bash on Windows
https://gist.github.com/bsara/5c4d90db3016814a3d2fe38d314f9c23
In the .ssh
directory, Create the following files if they do not already exist:
- .ssh/config
- .bash_profile
- .bashrc
Configure SSH for Git Hosting Server.
Add the following text to .ssh/config
Host 114.142.160.30
HostName 114.142.160.30
IdentityFile ~/.ssh/id_rsa_nbw
Trouble Shooting
known_hosts
Can't add to Manually add the 'host' to the known_hosts
file
ssh-keyscan -t ed25519 170.187.240.29 >> ~/.ssh/known_hosts