Ssh keys
you need to edit /etc/ssh/sshd_config and disable password auth
but before that, you need to make sure you have the ssh keys set up, and the authorized_keys entry, and the directory permissions.
i usually just
ssh-keygen -t dsa -b 1024
that creates
$HOME/.ssh/id_dsa
$HOME/.ssh/id_dsa.pub
then cat $HOME/.ssh/id_dsa.pub >> $HOME/.ssh/authorized_keys
then chmod -R 700 $HOME/.ssh
then edit /etc/ssh/sshd_config to set password auth = no,
or something.
but the quickest defencse is to edit the sshd startup script and add
-p 1234
or some other not commonly thought of port
so then it can work as it is, but you just
ssh -p 1234 yourbox.
when ssh keys are working properly, you should be able to ssh without entering a password.
so your system would have the private, public keys, and the remote web server only needs to have the entry of the id_dsa.pub appended to authorized_keys
No comments:
Post a Comment