feat: add SSH Public Key Authentication config
This commit is contained in:
parent
a5fc3f43cb
commit
e36e4df774
|
@ -11,7 +11,7 @@ sudo npm i -g pm2
|
|||
```
|
||||
|
||||
* create group and user ```pm2```
|
||||
following this [setup](create-grp-usr.md)
|
||||
following this [setup](grp-usr.md)
|
||||
|
||||
* generate the startup script\
|
||||
**NOTE:** This instruction comes back with a reply like ```To setup the Startup Script, copy/paste the following command: sudo env PATH=$PATH:/usr/bin pm2 startup systemd -u <pm2 system service> --hp <pm2 installation home path>```
|
||||
|
|
|
@ -0,0 +1,56 @@
|
|||
# Public Key Authentication
|
||||
|
||||
* login on the server using password\
|
||||
NOTE: Leave this terminal/shell always open until this configuration is successfully validated. This is a backup connection to your server using password in case the public key authentication fails.
|
||||
```
|
||||
ssh -p<tbd> <user>@<host name>
|
||||
```
|
||||
|
||||
* open the **sshd_config** file using a text editor like this
|
||||
```
|
||||
sudo vi /etc/ssh/sshd_config
|
||||
```
|
||||
|
||||
* in this file, make sure the following options are set as follows
|
||||
```
|
||||
PermitRootLogin no
|
||||
PubkeyAuthentication yes
|
||||
#GSSAPIAuthentication yes
|
||||
#GSSAPICleanupCredentials no
|
||||
UsePAM yes
|
||||
```
|
||||
|
||||
* save this file and restart sshd service
|
||||
```
|
||||
sudo systemctl restart sshd
|
||||
```
|
||||
|
||||
* navigate to your local host home folder and check permissions
|
||||
```
|
||||
cd ~
|
||||
ls -ld
|
||||
chmod 0700 ~
|
||||
ls -ld
|
||||
```
|
||||
|
||||
* navigate to the **.ssh** folder and check permissions
|
||||
```
|
||||
cd ~/.ssh
|
||||
ls -ld
|
||||
chmod 0700 ~/.ssh
|
||||
ls -ld authorized_keys
|
||||
chmod 0600 ~/.ssh/authorized_keys
|
||||
```
|
||||
|
||||
* copy your existing local host public key on the server
|
||||
```
|
||||
ssh-copy-id -p<tbd> <user>@<host name>
|
||||
```
|
||||
|
||||
* login on the server using public key authentication
|
||||
```
|
||||
ssh -p<tbd> <user>@<host name>
|
||||
```
|
||||
|
||||
* if you completed public key authentication successfully,
|
||||
you may savely close the terminal/shell running the open password-based login
|
|
@ -0,0 +1,5 @@
|
|||
/*
|
||||
* SPDX-FileCopyrightText: 2022 Software Ingenieur Begerad <swingbe.de>
|
||||
*
|
||||
* SPDX-License-Identifier: CC0-1.0
|
||||
*/
|
|
@ -1,5 +1,7 @@
|
|||
# Enable SSH Server
|
||||
|
||||
## General
|
||||
|
||||
* install ssh server
|
||||
```
|
||||
sudo -l
|
||||
|
@ -16,7 +18,6 @@ sudo vi /etc/ssh/sshd_config
|
|||
sudo systemctl restart sshd
|
||||
````
|
||||
|
||||
* set up public key authentication by copying existing key
|
||||
```
|
||||
ssh-copy-id -p<tbd> <user>@<host name>
|
||||
```
|
||||
## Public Key Authentication
|
||||
|
||||
Follow [this](./ssh-pub-key-auth.md) guide to configure public key authentication.
|
||||
|
|
Loading…
Reference in New Issue