Allow Login with SSH key only

Posted by Sarthak Shrivastava
3 months ago

Overview

To enhance the security of our server, we can disable password login to the server and also disable login as the root user on that server.

The only way to log in to the server is then via the SSH key you provide, which lives on your computer only.

What is SSH?

It stands for Secure Socket Shell.

It is a protocol for connecting one computer to another using a command-line tool or shell on the remote system.

How to create SSH key?

To create an SSH key, type this command in your terminal.

 ssh-keygen -t rsa -b 4096 -C 'anyIdentifier'
 

After you create the SSH key successfully, you will see something like this.

This will create two files in your .ssh folder. One is id_server and the other is id_server.pub.

id_server.pub is the public key we give to other clients; id_server is the private key and is never shared with others.

Now we have to copy the content of id_server.pub. To do that, we can run this command.

 cat id_server.pub | pbcopy
 

The 'cat' command prints the contents of the file and the 'pbcopy' command copies that output to your clipboard.

Now, on the server, we will go to the .ssh folder and open the authorized_keys file with vim.

 ~/.ssh # vim authorized_keys
 

Now paste the SSH public key we copied into this authorized_keys file, then press esc and colon (:) + w + q. This will save the file and quit Vim.

Now exit from the server and try to log in with the SSH key by using the command below.

 ssh -i ~/.ssh/id_server root@120.0.0.1
 

After this command you will not be asked for any password and you will be logged into the server directly. This is very cool.

Now we have to restrict login as the root user. To do that, we first have to create a new user. To create a new user on an Ubuntu server, type this command.

 adduser bitfumes
 

This command will create a user called 'bitfumes'. Now, to switch to the new user, just type this command.

 sudo su bitfumes
 

This command will switch to the bitfumes user. Here sudo means 'run this command as admin' and su means switch user.

But this user doesn't have any admin privileges, or we can say that this user is not a sudoer.

To make this user a sudoer, first switch to the root user by using the sudo su command, and then type this command.

 usermod -aG admin bitfumes
 

This command makes the bitfumes user an admin. Now switch to the bitfumes user once more by using the sudo su command again.

Now we have to allow the bitfumes user to log in to the server via SSH, so we first have to create the .ssh folder by using the 'mkdir .ssh' command.

Now let's create the authorized_keys file using vim and paste the same SSH public key that we gave to the root user. To do that, just run this command.

 ~/.ssh # vim authorized_keys
 

As we did before, paste the SSH public key, and then press esc and colon (:) + w + q to save and quit Vim.

Now we can access the server with the same SSH key as both the root user and the bitfumes user.

But we have to restrict login as the root user. To do so, log in to the server as the bitfumes user and type this command to open the SSH configuration file.

 sudo vim /etc/ssh/sshd_config
 

In this file you have to set two options to 'no'.

One is PermitRootLogin and the second is PasswordAuthentication, as shown in the image below.

Now that we have made changes to the SSH configuration, we have to restart the SSH service on our Ubuntu server.

 sudo service ssh restart
 

So now if you try to log in as the root user, you can't. This means the only way to reach your server is via SSH as the bitfumes user.
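
As an added example (not part of the original post), this script audits an sshd_config file for the two settings changed above and catches the case where a later "no" is ignored because an earlier line already set the option. The function names, the sample config and the fallback defaults are assumptions made for the example.

```shell
#!/bin/sh
# Added example (not from the original post): audit an sshd_config file for
# the two settings changed above. sshd keeps the FIRST value it reads for a
# keyword, and keyword names are case-insensitive.

# Print the global value of keyword $2 in file $1 (lowercased), or the
# fallback $3 when it is never set. The fallbacks passed below are assumed
# OpenSSH defaults. Include files and Match blocks are not followed.
sshd_value() {
    awk -v key="$2" -v def="$3" '
        BEGIN { key = tolower(key) }
        /^[ \t]*#/ || NF == 0 { next }      # comments and blank lines
        tolower($1) == "match" { exit }     # global section ends here
        tolower($1) == key { print tolower($2); found = 1; exit }
        END { if (!found) print def }
    ' "$1"
}

# Return 0 only when both root login and password login are disabled.
check_key_only() {
    root=$(sshd_value "$1" PermitRootLogin prohibit-password)
    pass=$(sshd_value "$1" PasswordAuthentication yes)
    bad=0
    [ "$root" = "no" ] || { echo "FAIL PermitRootLogin=$root"; bad=1; }
    [ "$pass" = "no" ] || { echo "FAIL PasswordAuthentication=$pass"; bad=1; }
    [ "$bad" -eq 0 ] && echo "OK: key-only login, root login disabled"
    return "$bad"
}

# Constructed sample: "no" was appended at the bottom, but the earlier
# "PasswordAuthentication yes" is the value sshd would use.
demo() {
    tmp=$(mktemp)
    cat > "$tmp" <<'EOF'
#PermitRootLogin yes
PermitRootLogin no
PasswordAuthentication yes
UsePAM yes
PasswordAuthentication no
EOF
    rc=0
    check_key_only "$tmp" || rc=$?
    rm -f "$tmp"
    return "$rc"
}

# Audit a real file when a path is given, otherwise run the sample.
if [ "$#" -gt 0 ]; then check_key_only "$1"; else demo || true; fi
```

On the server itself, `sudo sshd -t` checks the configuration for errors before you restart the service, and `sudo sshd -T` prints the effective settings, including any pulled in through Include files. Keep your current session open and confirm the bitfumes key login in a second terminal before you log out.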

If this post helped you, then please share it and hit the like button at the top.