A Three-Step Guide on How to set up passwordless SSH authentication
Why am I writing this?
Because the vps of someone in the fediverse just got hacked, and it's super scary.
SSH up, people!
Why should you set up a passwordless SSH authentification? Because there are some bad people out there having nothing to do but to dictionary SSH attack people.
It is recommanded to avoid using mundane and guessable login usernames such as 'root', or 'ubuntu'.
3# OH GOD WHY DIGITALOCEAN WHY?
Apparently root is the only superuser some people have chez DigitalOcean. How annoying.
If this applies to you, here is what to do on your VPS:
- type adduser followed by the username you want to create
adduser username
The terminal will ask you to enter a password for this new user. You don’t have to answer those questions. Pressing Enter for everything is fine.
- grant sudo permissions
usermod -aG sudo username
- Delete the commoner username
userdel -r username
Step 1: Go to your terminal and generate keys
Where to type the commands?
For Mac Users: Spotlight search for “Terminal”, then type the command “ssh-keygen”
For Windows Users: Windows Menu search “cmd”, then type bash in it, then “ssh-keygen”
ssh-keygen
- Go 'Enter' for everything.
Step 2: Send the Generated Key to Your VPS
ssh-copy-id username@yourdomain
Step 3: Connect
Then you just enter your password after the command to make sure everything works
ssh username@yourdomain
Now: Disable password logins
The disabling is optional but recommended.
- Edit the file “/etc/ssh/sshd_config” on your vps machine to disable SSH password and root login:
sudo nano /etc/ssh/sshd_config
- Find and change the following settings to no:
Port 36
PermitRootLogin no
ChallengeResponseAuthentication no
PasswordAuthentication no
UsePAM no
- Save and exit the file with ctrl-X
- Reload the configuration of the SSH server with the following command:
sudo service sshd reload