Sakura VPS Ubuntu public key cryptography settings

Introduction

Set up SSH public key authentication on an Ubuntu server running on a Sakura VPS (Virtual Private Server). Ubuntu version: 18.04.5

Login / user creation / authorization

Work from a Mac terminal or a tool such as Tera Term.

$ ssh ubuntu@[IP address]
$ sudo adduser [User name]
$ sudo gpasswd -a [User name] sudo

Public key cryptography settings

Public key creation and placement

Create a key pair and store the private key on the local PC and the public key on the server.

$ mkdir ~/.ssh # Create folder on server
$ ssh-keygen -t rsa # Create key locally (no passphrase)
$ ssh-copy-id -i ~/.ssh/id_rsa.pub [User name]@[IP address] # Place the locally created public key on the server
/usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed: "/Users/xxxxxxxxxxx/.ssh/id_rsa.pub"
/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys

Number of key(s) added: 1

Now try logging into the machine, with: "ssh '[User name]@[IP address]'"
and check to make sure that only the key(s) you wanted were added.
# Public key creation and placement completed

Check the public key on the server.

$ cat ~/.ssh/authorized_keys # Run on server
ssh-rsa ****** Public key information ******

Check the private key on your local PC.

$ cat ~/.ssh/id_rsa # Run on local PC
-----BEGIN OPENSSH PRIVATE KEY-----
****** Private key information ******

Key permission settings

$ chmod 700 .ssh
$ chmod 600 .ssh/authorized_keys

Pre-backup of sshd_config

The goal is to prohibit password login over SSH and allow only public key login as [User name]. I am going to edit the config file, so back it up first just in case.

$ sudo cp /etc/ssh/sshd_config /etc/ssh/sshd_config.old

Edit sshd_config (vi mode)

$ sudo vi /etc/ssh/sshd_config

In vi, delete the leading '#' comment marker from each item you want to enable, rewrite the setting value (yes, no, etc.) at the end of the line, and save.

PermitRootLogin no
PubkeyAuthentication yes
PasswordAuthentication no
PermitEmptyPasswords no
AllowUsers [User name]

$ sudo systemctl restart sshd # Apply the settings. Keep your current session connected just in case
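
A check for the edit above, as an added example rather than code from the original post: it reads a config file the way sshd does (the first uncommented value wins, AllowUsers lines accumulate, Match blocks are conditional) and reports which of the five settings are not in effect. The function names, the user name deploy and the sample config are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original post). Sample data below is constructed.

# Print the effective global value of KEYWORD in FILE. sshd ignores '#' lines,
# matches keywords case-insensitively and keeps the FIRST value it reads;
# AllowUsers is the exception, its lines accumulate. Match blocks are skipped.
effective_value() {
  awk -v key="$2" '
    BEGIN { key = tolower(key) }
    /^[ \t]*#/ || /^[ \t]*$/ { next }
    tolower($1) == "match" { exit }
    tolower($1) == key {
      $1 = ""; sub(/^[ \t]+/, "")
      if (key != "allowusers") { print; found = 1; exit }
      list = (list == "" ? $0 : list " " $0)
    }
    END { if (!found && list != "") print list }' "$1"
}

# Compare FILE against the five settings from this page; the return code is
# the number of mismatches. USER stands for the [User name] placeholder.
audit_sshd_config() {
  local file="$1" user="$2" fails=0 key want got
  while read -r key want; do
    got=$(effective_value "$file" "$key")
    if [ "$got" = "$want" ]; then
      echo "OK    $key $got"
    else
      echo "FAIL  $key: want '$want', effective '${got:-<not set>}'"
      fails=$((fails + 1))
    fi
  done <<EOF
PermitRootLogin no
PubkeyAuthentication yes
PasswordAuthentication no
PermitEmptyPasswords no
AllowUsers $user
EOF
  return "$fails"
}

# Constructed sample: an uncommented "PasswordAuthentication yes" comes before
# the "no" line, so "yes" stays in effect.
write_sample_config() {
  printf '%s\n' 'PermitRootLogin no' 'PubkeyAuthentication yes' \
    '#PasswordAuthentication no' 'PasswordAuthentication yes' \
    'PasswordAuthentication no' 'PermitEmptyPasswords no' \
    'AllowUsers deploy' 'Match User backup' '    PasswordAuthentication yes'
}

cfg=$(mktemp)
write_sample_config > "$cfg"
audit_sshd_config "$cfg" deploy || echo "$? setting(s) differ from the page"
rm -f "$cfg"
```

On the server, point it at /etc/ssh/sshd_config before restarting sshd; a keyword that is still commented out is reported as not set rather than assumed from defaults.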

Log in as user [User name] using private key

Make sure you can log in to the server with your private key without entering a password.

$ ssh [User name]@[IP address] -i ~/.ssh/id_rsa

Make sure you can't log in as the ubuntu user.

$ ssh ubuntu@[IP address]

Register the public key of a member other than yourself

Register each member's public key so that members other than yourself can log in to the server.

$ sudo vi ~/.ssh/authorized_keys
ssh-rsa AAAABBB……XXX==
ssh-rsa AAAACCC……XXX==
ssh-rsa AAAADDD……XXX==
# … Register multiple keys like this.

The end.
