- You will need to manage multiple passwords: (1) hosting provider web dashboard, (2) server root, (3) server sudo user, (4) optional SSH private key, (5) MySQL admin user. The root password must be unique and complex
- Generate keys using PuTTYgen
- Copy and paste the public key and store it in a text file (you may store PuTTY, the keys, and PuTTYgen in a directory above the local web root on your laptop)
- Once logged into your server as your sudo user, do:
$ cd # to make sure we're in our home directory
$ mkdir -p ~/.ssh && touch ~/.ssh/authorized_keys
$ chown -R $USER:$USER .ssh
$ chmod 700 .ssh
$ chmod 600 .ssh/authorized_keys
$ nano .ssh/authorized_keys
- Now copy the contents of your public key file (which resides on your local machine/laptop/dev machine) into the authorized_keys file on your server. The public key must be on a single line and start with ssh-rsa
- Within PuTTY: (1) Connection -> Data, then add the username for passwordless login; (2) SSH -> Auth -> Browse and select the *.ppk private key file; (3) Session -> enter a name and save
- Open a new PuTTY window using this new configuration
- Once you confirm your server successfully authenticates with public key, disable password-based logins:
$ sudo nano /etc/ssh/sshd_config
- Scroll through the file and make sure the following are set:
ChallengeResponseAuthentication no
PasswordAuthentication no
UsePAM no
- NB: Leave UsePAM as yes (the default) if you want to see server stats from landscape-common
- After you save and exit, reload SSH:
$ sudo service ssh reload
- At any time you can view the SSH server logs via:
$ tail -f /var/log/auth.log
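
A check for the sshd_config step above, added here as an example and not part of the original notes: sshd uses the first value it reads for each keyword, so a `PasswordAuthentication no` added near the bottom of the file has no effect if an earlier line already says `yes`. The function names and the sample config are constructed for illustration; the script reads only the global section (it stops at the first Match block) and does not follow Include files.

```shell
#!/bin/sh
# Added example (not from the original notes). sshd uses the FIRST value it
# reads for a keyword, so a "no" added lower in the file can be silently
# overridden by an earlier "yes". Assumptions: only the global section is
# read (parsing stops at the first Match block) and Include files are not
# followed.

# effective_value FILE KEYWORD DEFAULT -> prints the value sshd would use
effective_value() {
    awk -v kw="$2" -v def="$3" '
        BEGIN { kw = tolower(kw) }
        /^[ \t]*#/ || NF == 0  { next }                 # comment or blank
        tolower($1) == "match" { exit }                 # end of global section
        tolower($1) == kw      { val = tolower($2); found = 1; exit }
        END { print (found ? val : def) }
    ' "$1"
}

# audit_sshd_config FILE -> returns 0 only if both password paths are "no"
audit_sshd_config() {
    rc=0
    for kw in PasswordAuthentication ChallengeResponseAuthentication; do
        v=$(effective_value "$1" "$kw" yes)             # unset means enabled
        printf '%-32s %s\n' "$kw" "$v"
        [ "$v" = no ] || rc=1
    done
    printf '%-32s %s\n' UsePAM "$(effective_value "$1" UsePAM unset)"
    return "$rc"
}

# Constructed sample: "no" was added at the bottom, but an earlier "yes" wins.
sample_config() {
    cat <<'EOF'
Port 22
PasswordAuthentication yes
ChallengeResponseAuthentication no
UsePAM yes
#PasswordAuthentication no
PasswordAuthentication no
EOF
}

tmp=$(mktemp)
sample_config > "$tmp"
audit_sshd_config "$tmp" || echo "FAIL: password logins are still enabled"
rm -f "$tmp"
```

On the server itself, `sudo sshd -t` checks the file for syntax errors before the reload, and `sudo sshd -T` prints the configuration sshd will actually use.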