Howto: Setup and Secure Linux SSH Logins to use Private PEM Keys


One of the most secure ways to connect to SSH over the public internet is with a private key. Key-based authentication keeps attackers from stressing the SSH service with brute-force or DDoS-style login attempts. It is the default login type for Amazon EC2 servers, which provide a single key for the default user; we can add more keys as required.

My requirement here is to create a new user and let that user log in with a different key, so the user lands in their own home directory with limited privileges. I followed the steps below to create the key pair:

1. Create a key pair on any Unix system; this generates two keys, public and private.

2. Append the public key to the user's SSH authorized_keys file.

3. Keep the private key to yourself and pass it along with the SSH connection.

Step1: Create new user

useradd anand

Step2: Generate the Public/Private key files

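# Note: DSA keys are disabled by default since OpenSSH 7.0; on current systems use -t ed25519 or -t rsa -b 4096.
ssh-keygen -b 1024 -f anand -t dsa
# ssh-keygen writes the private key to "anand"; rename it so it matches the listing below.
mv anand anand.pem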
ls -la anand*
-rw-r--r-- 1 root root 1200 Oct 10 09:57 anand.pub
-rw-r--r-- 1 root root 1812 Oct 10 09:57 anand.pem

Step3: Add the key file to the user’s SSH authorized keys

mkdir /home/anand/.ssh
cat anand.pub >>  /home/anand/.ssh/authorized_keys
chmod 600  /home/anand/.ssh/authorized_keys
chmod 700 /home/anand/.ssh/
chown -R anand  /home/anand/.ssh/
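
Step4: Now log in with the .pem file

# ssh ignores a private key that group or others can read, so tighten the mode first.
chmod 600 anand.pem
ssh -i anand.pem anand@planetcure.in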
The authenticity of host 'planetcure.in (54.203.253.9)' can't be established.
RSA key fingerprint is 6b:69:6f:86:94:6a:18:1d:ea:dc:0d:1d:af:9d:2f:66.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added 'planetcure.in' (RSA) to the list of known hosts.
anand@planetcure.in's password: 
[anand@planetcure ~]$

It seems to be working fine.
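
The transcript in Step4 ends at a password prompt, which is what ssh shows when the server did not accept the key and fell back to password authentication. The script below is an added example, not part of the original post: a local check of the usual causes (private-key mode, StrictModes on the home and .ssh paths, public key missing from authorized_keys). The name check_key_login, the sandbox paths and the key strings are constructed for illustration, and `stat -c` assumes GNU coreutils.

```shell
#!/bin/sh
# check_key_login PRIVATE_KEY PUBLIC_KEY HOME_DIR
# Prints each problem found; returns 0 only when none is found.
check_key_login() (
    priv=$1 pub=$2 home=$3 rc=0
    auth=$home/.ssh/authorized_keys

    # The ssh client ignores a private key that group or others can access.
    case $(stat -c %a "$priv") in
        *[0-7]00) ;;
        *) echo "private key $priv is group/world accessible (chmod 600)"; rc=1 ;;
    esac

    # sshd (StrictModes, on by default) rejects authorized_keys when the home
    # directory, ~/.ssh or the file itself is writable by group or others.
    for p in "$home" "$home/.ssh" "$auth"; do
        case $(stat -c %a "$p") in
            *[0145][0145]) ;;
            *) echo "$p is missing or writable by group/others"; rc=1 ;;
        esac
    done

    # The base64 blob (field 2 of the .pub file) must appear as a whole field
    # in authorized_keys; options may precede the key type on that line.
    blob=$(awk '{print $2; exit}' "$pub")
    awk -v b="$blob" '{for (i = 1; i <= NF; i++) if ($i == b) ok = 1}
                      END {exit !ok}' "$auth" ||
        { echo "public key from $pub is not in $auth"; rc=1; }
    exit $rc
)

# Constructed sandbox reproducing the file modes on this page (not real keys).
demo() {
    d=$(mktemp -d) && mkdir -m 700 "$d/.ssh"
    echo "constructed private key" > "$d/anand.pem"
    echo "ssh-dss AAAAB3CONSTRUCTEDBLOB root@example" > "$d/anand.pub"
    cat "$d/anand.pub" >> "$d/.ssh/authorized_keys"
    chmod 600 "$d/.ssh/authorized_keys"
    chmod 644 "$d/anand.pem"          # mode shown in the Step2 listing
    before=0; check_key_login "$d/anand.pem" "$d/anand.pub" "$d" || before=$?
    chmod 600 "$d/anand.pem"
    after=0; check_key_login "$d/anand.pem" "$d/anand.pub" "$d" || after=$?
    rm -rf "$d"
    echo "exit status with mode 644: $before, with mode 600: $after"
}
demo
```

On a real host, run the function as root with the user's actual home directory, then confirm the result with `ssh -v`, which reports whether the public key was offered and accepted.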