id: 12278    nodeId: 12278    type: General    point: 139.0    linkPoint: 1.0    maker: cella    permission: linkable    made at: 2017.06.02 02:42    edited at: 2017.06.02 02:59
How to install and configure SSH on Linux
http://linux-sys-adm.com/how-to-install-and-configure-ssh-on-ubuntu-server-14.04-lts-step-by-step/
The explanation is a bit lacking, but presumably the public key goes on the server where sshd is running, and the private key is saved locally and used from there???


Setup SSH server on Ubuntu 14.04

Step 1 – Update repositories.

root@mail:/# apt-get update
root@mail:/# apt-get upgrade
Step 2 – Install SSH Server

root@mail:/# apt-get install openssh-server
Basic Configuration
Step 3 – After installation, I will show how to configure the SSH server. Open the SSH config file with the following command:

root@mail:/# nano /etc/ssh/sshd_config
Step 4 – If you want to change the SSH port, find the ‘Port’ line and change the port number. For example, I will change it to 22222.

Port 22222
Step 5 – I will set the maximum number of login attempts to 3. After 3 wrong login attempts you will be disconnected. This is very important for the security of your server and can be used to help prevent brute force attacks (see my Theme 4). Add this line below Port:

MaxAuthTries 3
Step 6 – Allow certain users to log in to your server and deny all other users. I will add the ‘zimbra’ user because my Zimbra Mail Server should have access. For more information about Zimbra Mail Server configuration, read theme 12. Add the following line at the end of the file, then save /etc/ssh/sshd_config.

AllowUsers mslavov zimbra
Step 7 – Restart ssh service with the following command:

root@mail:/# service ssh restart
Now only these two users will have access to your server.

Advanced Configuration
I will show you How To Configure SSH Key-Based Authentication on a Linux Server

In my opinion this is the best way to protect from unauthorised access to your server. Unfortunately this is not the most convenient one, because you have to bring the key with you. My advice is to use the configuration shown above.

Step 8 – Create the .ssh folder in root's home directory (the same /root/.ssh used in Step 17), change its permissions and navigate to it with the following commands:

root@mail:/# mkdir -p ~/.ssh/; chmod 700 ~/.ssh/; cd ~/.ssh/;
Step 9 – Create the authorized_keys file and change its permissions with the following commands:

root@mail:/.ssh# touch authorized_keys; chmod 600 authorized_keys
Step 10 – Show new files.

root@mail:/.ssh# ls -ltra
Step 11 – Generate Keys – If you ‘Enter passphrase’ you must remember it and use it in the following steps:


Step 12 – Append the public key to authorized_keys and remove the uploaded copy.

root@mail:/.ssh# cat id_rsa.pub >> authorized_keys
Step 13 – Edit the ssh server config file with nano /etc/ssh/sshd_config to make sure that public key authentication is enabled (it should be enabled by default):

root@mail:/.ssh# nano /etc/ssh/sshd_config
Step 14 – These entries must be set to YES.

RSAAuthentication yes
PubkeyAuthentication yes
Step 15 – The following settings should be set to NO:

ChallengeResponseAuthentication no
PasswordAuthentication no
UsePAM no
Step 16 – Restart ssh service with the following command:

root@mail:/.ssh# service ssh restart
Step 17 – Now you must copy the contents of the private key.

root@mail:/.ssh# nano /root/.ssh/id_rsa
Step 18 – Paste it into Notepad and save the file without an extension.


Step 19 – When you connect to your server, you must browse to your ‘id_rsa.ppk’ file in PuTTY.
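
Before the restarts in Steps 7 and 16, it helps to confirm that sshd_config really says what the steps intend. The script below is an added example, not part of the original tutorial; the function names and the sample file are constructed for illustration, and the expected values are the ones given in Steps 5, 6, 14 and 15.

```shell
#!/bin/sh
# Added example, not from the tutorial: audit sshd_config against Steps 5-15.
# sshd keeps the FIRST value it reads for a keyword and keywords are
# case-insensitive, so a late "PasswordAuthentication no" does not override
# an earlier "yes". Only the global section (before any Match block) is read.

# effective_value FILE KEYWORD -> first value set for KEYWORD, or empty
effective_value() {
    awk -v key="$2" '
        BEGIN { key = tolower(key) }
        NF == 0 || $1 ~ /^#/ { next }        # blank lines and comments
        tolower($1) == "match" { exit }      # stop at conditional blocks
        tolower($1) == key { $1 = ""; sub(/^[ \t]+/, ""); print; exit }
    ' "$1"
}

# expect FILE KEYWORD VALUE -> prints a finding and returns 1 on mismatch
expect() {
    got=$(effective_value "$1" "$2")
    [ "$got" = "$3" ] && return 0
    echo "FINDING: $2 is '${got:-unset}', tutorial sets '$3'"
    return 1
}

# audit_sshd_config FILE -> prints findings; exit status is their count
audit_sshd_config() {
    n=0
    expect "$1" MaxAuthTries 3                     || n=$((n + 1))
    expect "$1" PubkeyAuthentication yes           || n=$((n + 1))
    expect "$1" PasswordAuthentication no          || n=$((n + 1))
    expect "$1" ChallengeResponseAuthentication no || n=$((n + 1))
    if [ -z "$(effective_value "$1" AllowUsers)" ]; then
        echo "FINDING: AllowUsers is unset (Step 6 limits logins to named users)"
        n=$((n + 1))
    fi
    return "$n"
}

# Constructed sample: the early lowercase "yes" wins over the later "no".
sample=$(mktemp)
printf '%s\n' 'Port 22222' 'MaxAuthTries 3' 'passwordauthentication yes' \
    'PubkeyAuthentication yes' 'ChallengeResponseAuthentication no' \
    'AllowUsers mslavov zimbra' 'PasswordAuthentication no' > "$sample"
audit_sshd_config "$sample" || echo "$? finding(s)"
```

On the server, call audit_sshd_config /etc/ssh/sshd_config; running sshd -t as well checks the file for syntax errors before the service is restarted.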



https://www.digitalocean.com/community/tutorials/how-to-configure-ssh-key-based-authentication-on-a-linux-server
This page explains the process in a bit more detail.
