feat: add SSH Public Key Authentication config

2022-03-09 14:27:43 +01:00 · 2022-03-09 14:27:43 +01:00 · e36e4df774
parent a5fc3f43cb
commit e36e4df774
4 changed files with 67 additions and 5 deletions
--- a/doc/pm2.md
+++ b/doc/pm2.md
@ -11,7 +11,7 @@ sudo npm i -g pm2
 ```

 * create group and user ```pm2```
-following this [setup](create-grp-usr.md)
+following this [setup](grp-usr.md)

 * generate the startup script\
  **NOTE:** This instruction comes back with a reply like ```To setup the Startup Script, copy/paste the following command: sudo env PATH=$PATH:/usr/bin pm2 startup systemd -u <pm2 system service> --hp <pm2 installation home path>```
--- a/doc/ssh-pub-key-auth.md
+++ b/doc/ssh-pub-key-auth.md
@ -0,0 +1,56 @@
+# Public Key Authentication
+
+* login on the server using password\
+NOTE: Leave this terminal/shell always open until this configuration is successfully validated. This is a backup connection to your server using password in case the public key authentication fails.
+```
+ssh -p<tbd> <user>@<host name>
+```
+
+* open the **sshd_config** file using a text editor like this
+```
+sudo vi /etc/ssh/sshd_config
+```
+
+* in this file, make sure the following options are set as follows
+```
+PermitRootLogin no
+PubkeyAuthentication yes
+#GSSAPIAuthentication yes
+#GSSAPICleanupCredentials no
+UsePAM yes
+```
+
+* save this file and restart sshd service
+```
+sudo systemctl restart sshd
+```
+
+* navigate to your local host home folder and check permissions
+```
+cd ~
+ls -ld
+chmod 0700 ~
+ls -ld
+```
+
+* navigate to the **.ssh** folder and check permissions
+```
+cd ~/.ssh
+ls -ld
+chmod 0700 ~/.ssh
+ls -ld authorized_keys
+chmod 0600 ~/.ssh/authorized_keys
+```
+
+* copy your existing local host public key on the server
+```
+ssh-copy-id -p<tbd> <user>@<host name>
+```
+
+* login on the server using public key authentication
+```
+ssh -p<tbd> <user>@<host name>
+```
+
+* if you completed public key authentication successfully,
+you may savely close the terminal/shell running the open password-based login
--- a/doc/ssh-pub-key-auth.md.license
+++ b/doc/ssh-pub-key-auth.md.license
@ -0,0 +1,5 @@
+/*
+ * SPDX-FileCopyrightText: 2022 Software Ingenieur Begerad <swingbe.de>
+ *
+ * SPDX-License-Identifier: CC0-1.0
+ */
--- a/doc/ssh-server.md
+++ b/doc/ssh-server.md
@ -1,5 +1,7 @@
 # Enable SSH Server

+## General
+
 * install ssh server
 ```
 sudo -l
@ -16,7 +18,6 @@ sudo vi /etc/ssh/sshd_config
 sudo systemctl restart sshd
 ````

-* set up public key authentication by copying existing key
-```
-ssh-copy-id -p<tbd> <user>@<host name>
-```
+## Public Key Authentication
+
+Follow [this](./ssh-pub-key-auth.md) guide to configure public key authentication.