Configuring SSH Server on AlmaLinux 9 for Key-Pair Authentication Login
In the digital age, securing remote access to servers is paramount. One of the most popular methods for achieving this is through SSH (Secure Shell) key-based authentication. Here's a step-by-step guide on how to configure this feature on AlmaLinux 9.
**Step 1: Generate SSH Key Pair**
Begin by generating a secure SSH key pair on your local machine. Open a terminal window and run:
```bash ssh-keygen -t rsa -b 4096 -C "[email protected]" ```
This command creates a 4096-bit RSA key pair, with the default file location being `~/.ssh/id_rsa`. You can optionally enter a passphrase for added security.
**Step 2: Copy Your Public Key**
Use the `ssh-copy-id` tool to copy your public key to the AlmaLinux 9 server:
```bash ssh-copy-id username@server_ip ```
This command appends your local public SSH key to the `~/.ssh/authorized_keys` file on the remote server, enabling key-based login.
**Step 3: Verify SSH Key Authentication**
Test SSH login without a password:
```bash ssh username@server_ip ```
You should be able to connect without a password prompt (unless you set a key passphrase).
**Step 4: Harden SSH Configuration (Optional but Recommended)**
On the AlmaLinux server, edit the SSH daemon configuration:
```bash sudo nano /etc/ssh/sshd_config ```
Modify or add the following lines to disable password authentication and enforce public key authentication:
``` PasswordAuthentication no PubkeyAuthentication yes ChallengeResponseAuthentication no UsePAM no ```
You can also tighten security further by limiting authentication attempts and idle session time:
``` MaxAuthTries 3 ClientAliveInterval 300 ClientAliveCountMax 1 PermitEmptyPasswords no ```
Save the file and restart SSH service:
```bash sudo systemctl restart sshd ```
**Step 5: Set Correct Permissions**
Ensure the `.ssh` directory and authorized_keys file have proper permissions:
```bash chmod 700 ~/.ssh chmod 600 ~/.ssh/authorized_keys ```
Also, ensure the private key on your local machine is readable only by you:
```bash chmod 400 ~/.ssh/id_rsa ```
By following these steps, you've configured SSH key-based authentication on AlmaLinux 9, enhancing the security of your server by eliminating the need for password-based logins. This guide also provides optional steps for further hardening your SSH configuration.
Please note that on Windows, tools like PuTTYgen or the OpenSSH client can be used to generate the key pair. Prerequisites for this guide include an AlmaLinux 9 server with SSH access, a user account with sudo privileges, and a local machine where the SSH keys will be generated.
References: [1]
Encryption plays a crucial role in the security of data-and-cloud-computing, as the SSH key-based authentication method uses encryption to secure remote access to servers. By generating and using SSH keys, you can protect your data from potential attacks, ensuring a higher level of security. The technology of SSH key-based authentication offers a more secure alternative to password-based logins, providing an effective layer of protection for your data.
