Allow Login with SSH key only
To enhance the security of our server, we can restrict the login to server with password and also restrict login of root user on that server.
The only way to login to server is via ssh key you provide for your computer only.
What is SSH?
It stands for Secure Socket Shell.
It is a protocol to connecting one computer to another using command line tool or shell on remote system
How to create SSH key?
To create a SSH key you have to type this command on your terminal.
ssh-keygen -t -rsa -b 4096 -C 'anyIdentifyer'
After you create ssh key successfully, you will see something like this.
This will create two file in your .ssh folder. One is id_server and another is id_server.pub.
This id_server is the public key we give to other clients and private key is never shared with others
Now we have to copy this id_server.pub content, so to do that we can write this command
Cat id_server.pub | pbcopy
This 'cat' command open this file and 'pbcopy' command will copy its content to your clipboard.
Now on server, we will go to .ssh folder and open authorized_keys file with vim
~/.ssh # vim authorized_keys
Now you have to paste that ssh key we have copied in this authorized_keys file, then press esc and colon (:) + w + q. This will save and quit from Vim.
Now exit from server, and try to login to server via ssh key by using command below.
ssh -i ~/.ssh/id_server firstname.lastname@example.org
After this command you will not asked for any password and you will logged into server directly. This is very cool.
Now we have to restrict login from root user. To do that we have to create new user. To create a new user in ubuntu server you have to type this command.
This command will create a user called 'bitfumes'. and now to switch to new user just type this command.
sudo su bitfumes
This command will switch to bitfumes user. here Sudo means 'run this command as admin' and su means switch user.
But this user does't have any admin privilege or we can say that this user is not a sudoer.
To make this user as sudoer, firstly switch to root user by using sudo su command and then we have to type this command.
usermod -aG admin bitfumes
This command make bitfumes user as a admin. Now once more switch to bitfumes user by again using sudo su command.
Now we have to allow bitfumes user to login to server via ssh ,So we firstly have to create .ssh folder by using 'mkdir .ssh' command.
Now lets create that authorized_keys file using vim and paste the same ssh public key as we have given to root user. To do that just run this command.
~/.ssh # vim authorized_keys
and similarly as we have done before, lets paste that ssh public key. and then press esc + w + q to save and quit from vim.
Now we can access to server via same ssh key as both root user and also bitfumes user.
But we have to restrict login as root user. To do so login to server as bitfumes user and type this command to open ssh configuration file.
sudo vim /etc/ssh/sshd_config
Now on this file you have to make two things as 'No' .
One is PermitRootLogin and second is passwordAuthentication as shown in the image below.
Now as we have made changes in ssh configuration we have to restart ssh service for our ubuntu server.
sudo service ssh restart
So now if you try to login via root user, you can't. This means the only way to reach your server is via ssh with bitfumes user.
If this post helped you then please share and hit a like button at top.