Secure your servers with SSH keys
I spend a lot of time SSHed into remote machines for work. After getting a couple machines hacked because I stupidly used short passwords, I started locking down my machines with the following mechanism and disabling username/password authentication.
Keep in mind that I have console access to these machines through CloudStack if I lose my SSH keys for some reason. Because of this, I remove the ability to log in with username/password over SSH entirely.
# Create an SSH key if you don't have one already. Defaults: ~/.ssh/id_rsa and ~/.ssh/id_rsa.pub
$ ssh-keygen -t rsa

# Copy the local SSH pub key to the remote authorized_keys.
$ cat ~/.ssh/id_rsa.pub | ssh <user>@<ip_address> "mkdir -p ~/.ssh && cat >> ~/.ssh/authorized_keys"

# SSH to the remote machine to remove the ability to SSH with a password.
$ ssh <user>@<ip_address>

# The '$>' prompt denotes the remote machine's command prompt
# Edit your sshd_config and verify the following values.
$> sudo vim /etc/ssh/sshd_config

# enable the ability to use SSH keys
# (RSAAuthentication only applies to SSH protocol 1; current OpenSSH releases
# no longer support protocol 1 and treat this option as deprecated)
RSAAuthentication yes
PubkeyAuthentication yes

# disable the ability to SSH with just a password
ChallengeResponseAuthentication no
PasswordAuthentication no
UsePAM no

$> sudo service ssh reload
$> exit
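To confirm the edits say what you think they say, the following added example (not part of the original post) audits an sshd_config for the four settings above. The function names and the sample file are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit an sshd_config for the settings listed above.
# sshd keeps the FIRST value it reads for a keyword, keywords are
# case-insensitive, and lines after a "Match" line are conditional.

# effective_value FILE KEYWORD: print the first global value, lowercased.
effective_value() {
  awk -v want="$(printf '%s' "$2" | tr '[:upper:]' '[:lower:]')" '
    /^[ \t]*#/ { next }                     # comment line
    { sub(/=/, " ") }                       # accept "Keyword=value"
    tolower($1) == "match" { exit }         # conditional section starts
    tolower($1) == want { print tolower($2); exit }
  ' "$1"
}

# audit_sshd_config FILE: return 0 only if every setting matches.
audit_sshd_config() {
  audit_rc=0
  while read -r audit_key audit_want; do
    audit_got=$(effective_value "$1" "$audit_key")
    if [ "$audit_got" = "$audit_want" ]; then
      echo "ok    $audit_key $audit_got"
    else
      # An absent keyword means sshd falls back to its built-in default;
      # report it so the value gets set explicitly.
      echo "FAIL  $audit_key: want $audit_want, found ${audit_got:-unset}"
      audit_rc=1
    fi
  done <<'EOF'
PubkeyAuthentication yes
PasswordAuthentication no
ChallengeResponseAuthentication no
UsePAM no
EOF
  return "$audit_rc"
}

# Constructed sample: the later "no" is ignored because "yes" comes first.
sample=$(mktemp)
cat > "$sample" <<'EOF'
PubkeyAuthentication yes
passwordauthentication yes
ChallengeResponseAuthentication no
UsePAM no
PasswordAuthentication no
EOF
audit_sshd_config "$sample" || echo "=> password logins still possible"
rm -f "$sample"
```

On a live host, `sudo sshd -T` prints the effective configuration, including files pulled in by `Include`, which this script does not follow.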