The Safest Way To Connect To Linux Via Command Line

Safe and Secure SSH Connections

In a modern world where cyber-warfare is common place and every-day users are targets from organised crime, it goes without saying that you are likely to run into problems rather quickly if you don't use every available means of security.

The scope of this article is to connect via SSH Keys however you should also be doing some other more mundane tasks like encrypting the connection (preferably with a VPN on your router) and using altered ports, plus limiting access to SSH users, if you have them.

So what is the safest way to connect to your remote Linux OS distribution, by command line? Well quite simply, it is done with SSH Keys which you generate so that the connection can be established. These keys are then used as a form of password and where the remote user has these pre-generated keys on their system, SSH shares them and if allowed, serves the connection.

Generating Your Keys

From command line on the machine you are connecting from, do the following:

ssh-keygen - Leave as default values

This creates files inside your home directories .ssh folder. This is a hidden folder that you usually don't need access to. To see what's inside, do ls .ssh from your home path.

Now, do the following, from your home path:

cat .ssh/id_rsa.pub

This is your public password. Share this with unlimited amounts of remote servers and while you are using this account, you will have access.

Sharing Your Keys

On a mundane level, you can provide the key you generated via any method you like, only your machine and account will be able to use it.

Now, take the output of cat .ssh/id_rsa.pub, and do echo "key-here" >> .ssh/authorized_keys and voila, the magic is done. You can now do ssh user@example.com, password-free.

So that's one way of achieving passwordless login via SSH, although there is an easier way. Do:

ssh-copy-id user@example.com

This will auto-install the keys for you, assuming you can connect to the server via SSH using other authentication methods - such as password.

Removing Keys

To remove access to a users account, do vi .ssh/authorized_keys and delete the line corresponding to the users account.

It really is that simple!

Voila

Congratulations, you're all set up! Don't forget, while it is perfectly safe to share your id_rsa.pub key, do so with caution. Using it on your website homepage may attract unwanted attention!

Peace.


Related posts

Published by

Linux Bash

Linux Bash

Providing immersive and explanatory content in a simple way anybody can understand.