Debian/OpenSSH || SSH Key-Pair Authentication
-
Configure the SSH server to accept logins with key-pair authentication.
This requires a private key for the client and a public key for the server.
Create a key pair for each user: log in as a common user on the SSH server host and proceed as follows.
root@AWX0708:~# ssh-keygen
Generating public/private rsa key pair.
Enter file in which to save the key (/root/.ssh/id_rsa):
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /root/.ssh/id_rsa
Your public key has been saved in /root/.ssh/id_rsa.pub
The key fingerprint is:
SHA256:pqzEJ90xi63D5M9GqH/iG3fDOjc53XXK1nqS/1rnPUI root@AWX0708
The key's randomart image is:
+---[RSA 3072]----+
|                 |
|                 |
|                 |
|                 |
|       .S        |
|      . oo*.= E o|
|    +=B.= +o.o =+|
|   ..+==+o=...B+=|
|    .o=B+o o .+*B|
+----[SHA256]-----+
root@AWX0708:~#
root@AWX0708:~# ls -l ~/.ssh
total 20
-rw-r--r-- 1 root root  566 Jun  1 05:03 authorized_keys
-rw------- 1 root root 2602 Nov  2 16:09 id_rsa
-rw-r--r-- 1 root root  566 Nov  2 16:09 id_rsa.pub
-rw------- 1 root root 2684 Nov  2 16:05 known_hosts
-rw------- 1 root root 1848 Nov  2 16:05 known_hosts.old
root@AWX0708:~#
Transfer the private key created on the server to a client; it is then possible to log in with key-pair authentication.
To install the public key in a remote account's authorized_keys file, use ssh-copy-id:
ssh-copy-id username@remote_host
If ssh-copy-id is not available, use plain ssh:
cat ~/.ssh/id_rsa.pub | ssh username@remote_host "mkdir -p ~/.ssh && touch ~/.ssh/authorized_keys && chmod -R go= ~/.ssh && cat >> ~/.ssh/authorized_keys"
OPTIONAL:
Disable password authentication on your server. Confirm that key-based login works in a separate session first.
sudo nano /etc/ssh/sshd_config
...
PasswordAuthentication no
...
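This disables it for all users. To restrict only specific users, use a Match block in sshd_config. Place Match blocks at the end of the file, since a Match block extends to the next Match line or the end of the file.
Match User user1,user2,user3,user4
    PasswordAuthentication no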
Or by group:
Match Group users
    PasswordAuthentication no
Or by negation (a negated pattern never produces a match on its own, so pair it with a wildcard):
Match User *,!root
    PasswordAuthentication no
Reload the SSH service for the changes to take effect.
sudo systemctl reload ssh
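
To check which PasswordAuthentication value a given user ends up with under the Match User variants above, the following added example (not part of the original page and not OpenSSH's own code) resolves it from sshd_config text. The function names and the sample configuration are constructed for illustration, and only the global section and single-criterion Match User blocks are handled.

```shell
# Added example (not from the original page): which PasswordAuthentication value
# applies to a user, given sshd_config text on stdin. Handles the global section
# and single-criterion "Match User" blocks only (no Include, Group, Host, All).
# user_matches USER LIST: 0 if the comma-separated pattern list matches USER.
# A negated hit vetoes the list; a list of only negations never matches.
user_matches() {
    um_user=$1 um_hit=1 um_ifs=$IFS
    set -f; IFS=,
    for um_pat in $2; do
        case $um_pat in
            '!'*) case $um_user in ${um_pat#'!'}) um_hit=2 ;; esac ;;
            *)    case $um_user in $um_pat) [ "$um_hit" -eq 2 ] || um_hit=0 ;; esac ;;
        esac
    done
    IFS=$um_ifs; set +f
    [ "$um_hit" -eq 0 ]
}

# effective_password_auth USER < sshd_config   -> prints the value sshd would use
effective_password_auth() {
    epa_user=$1 epa_global= epa_match= epa_in_match=0 epa_active=0
    while read -r epa_key epa_arg epa_rest; do
        epa_key=$(printf %s "$epa_key" | tr 'A-Z' 'a-z')   # keywords are case-insensitive
        case $epa_key in
            match)
                epa_in_match=1 epa_active=0
                epa_crit=$(printf %s "$epa_arg" | tr 'A-Z' 'a-z')
                [ "$epa_crit" = user ] && user_matches "$epa_user" "$epa_rest" && epa_active=1 ;;
            passwordauthentication)
                # first value obtained wins, in the global section and among matching blocks
                if [ "$epa_in_match" -eq 0 ]; then : "${epa_global:=$epa_arg}"
                elif [ "$epa_active" -eq 1 ]; then : "${epa_match:=$epa_arg}"
                fi ;;
        esac
    done
    # a matching Match block overrides the global value; OpenSSH's default is yes
    printf '%s\n' "${epa_match:-${epa_global:-yes}}"
}

# Constructed sample config: password logins on globally, off inside one Match block.
sample_config() {
    printf 'PasswordAuthentication yes\nMatch User %s\n    PasswordAuthentication no\n' "$1"
}

for pat in '!root' '*,!root' 'user1,user2'; do
    for u in root user1 alice; do
        printf 'Match User %-12s %-6s -> PasswordAuthentication %s\n' "$pat" "$u" "$(sample_config "$pat" | effective_password_auth "$u")"
    done
done
```

On a live host, `sudo sshd -t` validates the file before the reload, and `sudo sshd -T -C user=NAME` prints the effective settings for a user.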