SSH password authentication is a major security risk for servers because it is susceptible to brute-force attacks and could give anyone unauthorized access to your servers.
For example, in AWS, SSH with a pem key is the default login type for EC2 servers, but Amazon's interface only creates a single user account. In this blog, we will talk about how to set up additional pem keys, which will allow you to log in securely with additional users. This configuration applies to non-EC2 servers as well (either your local server or servers hosted on other public clouds).
On Server:
First, log in to the server over SSH with the default user account and then create a new user:

    # Create the new account (the default cloud user is not root, so use sudo)
    sudo adduser myuser

Optional: To give this user root access, add an entry to the sudoers file. Run the following command:

    sudo visudo

Add this as the last line of the file that opens:

    myuser ALL=(ALL:ALL) ALL

To generate public and private keys for this user, run the following commands:

    su - myuser
    # 4096-bit RSA key pair; 1024-bit RSA keys are too weak for current use
    ssh-keygen -b 4096 -f myuser -t rsa

Here, the -b flag sets the number of bits, -f sets the output key file name and -t sets the key type.
This command will generate two key files named myuser and myuser.pub, where 'myuser' is your private key and 'myuser.pub' is your public key. The next step is to copy the public key into the authorized keys file. Run the following commands:

    # -p avoids an error if .ssh already exists
    mkdir -p .ssh
    cat myuser.pub >> .ssh/authorized_keys

Change permissions:

    chmod 700 .ssh
    chmod 600 .ssh/authorized_keys

On local system:
You will now have to download the file "myuser", which is your private key file, or copy its contents to the local system. We've saved this file as myuserprivatekey.pem, but you can name it as you like.
SSH connection to server with the new user:

    ssh myuser@52.48.34.150 -i myuserprivatekey.pem

where 52.48.34.150 is the public IP address of the EC2 instance.
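To confirm the server-side state these steps produce, the following added example (not part of the original post) checks that .ssh is mode 700 and authorized_keys is mode 600, and flags any private key file still sitting in the user's home directory after it has been copied to the local system. The function names audit_ssh_home and has_mode and the path /home/myuser are assumptions.

```shell
#!/usr/bin/env bash
# Added example: audit the files created by the steps above.
# Usage on the server (path is an assumption): audit_ssh_home /home/myuser

# True when the permission bits of $1 are exactly $2 (POSIX find, no GNU stat).
has_mode() { [ -n "$(find "$1" -prune -perm "$2" 2>/dev/null)" ]; }

# Prints one line per finding; returns 0 when clean, 1 otherwise.
audit_ssh_home() {
    local home="$1" findings=0 f

    if [ ! -d "$home/.ssh" ]; then
        echo "FAIL: $home/.ssh is missing"; findings=1
    elif ! has_mode "$home/.ssh" 700; then
        echo "FAIL: $home/.ssh is not mode 700"; findings=1
    fi

    if [ ! -f "$home/.ssh/authorized_keys" ]; then
        echo "FAIL: $home/.ssh/authorized_keys is missing"; findings=1
    elif ! has_mode "$home/.ssh/authorized_keys" 600; then
        echo "FAIL: $home/.ssh/authorized_keys is not mode 600"; findings=1
    fi

    # ssh-keygen wrote the key pair into the home directory. Once the private
    # key lives on the local system, a copy left on the server is a finding.
    for f in "$home"/* "$home"/.ssh/*; do
        [ -f "$f" ] || continue
        if head -n 1 "$f" 2>/dev/null | grep -q -- '-----BEGIN .*PRIVATE KEY-----'; then
            echo "WARN: private key left on server: $f"; findings=1
        fi
    done

    return "$findings"
}
```
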
SFTP access to server using FileZilla:
To get SFTP access to your EC2 server for secure file transfer, you will first have to convert your private pem file to a ppk file. Here, we will do so using the 'puttygen' tool, for which the package 'putty-tools' should be installed on Ubuntu. Run the following command:

    # Package installation needs root privileges
    sudo apt-get install putty-tools

To convert the PEM file to PPK:

    puttygen myuserprivatekey.pem -o myuserprivatekey.ppk -O private

where myuserprivatekey.pem is your private pem key file and myuserprivatekey.ppk is the output ppk file.
-o tells it where to write out the converted PuTTY private key.
-O private tells it that you want a PuTTY private key (as opposed to the other output formats it can produce).
Now, you simply need to import this file into FileZilla. Select the logon mode "interactive", and once you supply the host IP address/name and username, you will be connected to your dedicated server and get access to all the files and directories.