SSH Lockdown
Secure your servers with SSH keys
I spend a lot of time SSHed into remote machines for work. After getting a couple machines hacked because I stupidly used short passwords, I started locking down my machines with the following mechanism and disabling username/password authentication.
Keep in mind that I have console access to these machines through CloudStack if I lose my SSH keys for some reason. Because of this, I remove the ability to log in with username/password over SSH entirely.
# Create an SSH key if you don't have one already. Defaults: ~/.ssh/id_rsa and ~/.ssh/id_rsa.pub
$ ssh-keygen -t rsa
# Copy the local SSH pub key to the remote authorized_keys.
$ cat ~/.ssh/id_rsa.pub | ssh <user>@<ip_address> "mkdir -p ~/.ssh && cat >> ~/.ssh/authorized_keys"
# SSH to the remote machine to remove the ability to SSH with a password.
$ ssh <user>@<ip_address>
# The '$>' prompt denotes the remote machine's command prompt
# Edit your sshd_config and verify the following values.
$> sudo vim /etc/ssh/sshd_config
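# enable the ability to use SSH keys
# (RSAAuthentication is an SSH protocol 1 option; current OpenSSH releases treat it as deprecated, PubkeyAuthentication is the one that matters)
RSAAuthentication yes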
PubkeyAuthentication yes
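# disable the ability to SSH with just a password
# (newer OpenSSH releases name the first option KbdInteractiveAuthentication; the old name is still accepted as an alias)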
ChallengeResponseAuthentication no
PasswordAuthentication no
UsePAM no
$> sudo service ssh reload
$> exit
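
Added example (not part of the original post): a check that the effective sshd settings match the values above, run over `sshd -T` output. The function name audit_sshd and both sample inputs are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit `sshd -T` output (lowercase "keyword value" lines)
# against the sshd_config values this page sets.

# Reads the effective config on stdin, prints one line per setting,
# and returns 0 only when key logins are on and password logins are off.
audit_sshd() {
    awk '
        BEGIN {
            want["pubkeyauthentication"] = "yes"
            want["passwordauthentication"] = "no"
            want["challengeresponseauthentication"] = "no"
            # Newer OpenSSH prints the same setting under this name.
            canon["kbdinteractiveauthentication"] = "challengeresponseauthentication"
        }
        {
            key = tolower($1); val = tolower($2)
            if (key in canon) key = canon[key]
            # A non-compliant value sticks even if another line looks fine.
            if ((key in want) && (!(key in seen) || val != want[key])) seen[key] = val
        }
        END {
            bad = 0
            for (k in want) {
                if (!(k in seen)) { printf "MISSING %s (want %s)\n", k, want[k]; bad = 1 }
                else if (seen[k] != want[k]) { printf "FAIL %s=%s (want %s)\n", k, seen[k], want[k]; bad = 1 }
                else printf "OK %s=%s\n", k, seen[k]
            }
            exit bad
        }
    '
}

# Constructed samples in `sshd -T` format (not captured from a real host).
HARDENED='pubkeyauthentication yes
passwordauthentication no
kbdinteractiveauthentication no
usepam no'
WEAK='pubkeyauthentication yes
passwordauthentication yes
challengeresponseauthentication no'

printf '%s\n' "$HARDENED" | audit_sshd && echo "hardened sample: pass"
printf '%s\n' "$WEAK" | audit_sshd || echo "weak sample: password login still enabled"
```

On the server, run `sudo sshd -T | audit_sshd` after the reload and before `exit`, so the open session is still available if a line reports FAIL.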