Securing SSH Server

To secure a Linux server's SSH service, there are a few options, which will be discussed on this page.

For using key-based authentication, you can follow these steps:

1. Generate a public/private key pair on your local machine:
   • Open a terminal window and enter the following command: ssh-keygen
   • Follow the prompts to specify the location to save the key pair, and enter a passphrase for the private key (optional).
   • This will generate a public key and a private key in the specified location. The public key is stored in a file with the .pub extension, and the private key is stored in a file with no extension.
2. Copy the public key to the server:
   • Enter the following command to copy the public key to the server, replacing user with the username on the server and server_hostname_or_IP with the hostname or IP address of the server:
   • ssh-copy-id user@server_hostname_or_IP
   • You will be prompted to enter the password for the user on the server.
   • This will copy the public key to the server and append it to the authorized_keys file in the ~/.ssh directory of the user's home directory on the server.

1. Disable password-based authentication:
   • Edit the /etc/ssh/sshd_config file on the server and set the PasswordAuthentication option to no. This will disable password-based authentication for the SSH service on the server.
   • Save the file and restart the SSH service by running the following command: systemctl restart ssh
2. Test the key-based authentication:
   • From your local machine, try connecting to the server using the ssh command and the private key file:
   • ssh -i /path/to/private_key user@server_hostname_or_IP

If the connection is successful, you have successfully set up key-based authentication for the server's SSH service.