One of the biggest downsides of managing your own VPS is its exposure to brute-force login attacks. One way of protecting access to the VPS is to do away with password logins altogether: generate a key pair (a public key and a private key that are mathematically linked), authenticate with that pair instead of a password, and then disable username/password login.
The following are steps for creating the key sets with PuTTY and PuTTYgen.
Step 1: Generate a Set of Private and Public Keys with PuTTYgen
- Start the PuTTYgen utility by double-clicking on its .exe file;
- For Type of key to generate, select SSH-2 RSA;
- In the Number of bits in a generated key field, specify either 2048 or 4096 (increasing the bits makes it harder to crack the key by brute-force methods);
- Click the Generate button;
- Move your mouse pointer around in the blank area of the Key section, below the progress bar (to generate some randomness) until the progress bar is full;
- A private/public key pair has now been generated;
- In the Key comment field, enter any comment you’d like – this is useful to identify your keys;
- Optional: add a Key passphrase for added security. However, if you want to log in to your VPS without typing a passphrase, you can leave this blank;
- Click the Save public key button;
- Click the Save private key button;
- Right-click in the text field labeled Public key for pasting into OpenSSH authorized_keys file and choose Select All;
- Right-click again in the same text field and choose Copy.
Step 2: Save Public Key on VPS
The next step is to save the public key in the file ~/.ssh/authorized_keys on your VPS.
- Log in to your VPS;
- If your SSH folder does not yet exist, create it manually:
mkdir ~/.ssh
chmod 0700 ~/.ssh
touch ~/.ssh/authorized_keys
chmod 0644 ~/.ssh/authorized_keys
- Paste the SSH public key into your ~/.ssh/authorized_keys file.
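The same step as a script, added here as an example that is not part of the original post: it creates the directory and file with the permissions sshd's StrictModes requires and appends the key only once, so re-running it (or pasting a key whose comment changed) does not leave duplicate entries. It assumes the key is the single-line OpenSSH format PuTTYgen shows in the "Public key for pasting into OpenSSH authorized_keys file" box; the function names and the sample key are constructed for the example. It uses 0600 on authorized_keys rather than the post's 0644; both satisfy StrictModes, 0600 just keeps the key list private.

```shell
#!/bin/sh
# Added example (not from the original post): install a PuTTYgen-exported
# public key into ~/.ssh/authorized_keys with the permissions sshd's
# StrictModes expects, appending the key only once.
# Assumption: KEY_LINE is the single-line OpenSSH format PuTTYgen shows
# under "Public key for pasting into OpenSSH authorized_keys file".

# install_authorized_key HOME_DIR KEY_LINE
# Creates HOME_DIR/.ssh (0700) and authorized_keys (0600) if missing and
# appends KEY_LINE unless the same key material is already listed.
# Returns 0 on success, 1 if KEY_LINE does not look like a public key.
install_authorized_key() {
    home_dir=$1
    key_line=$2
    ssh_dir="$home_dir/.ssh"
    auth_file="$ssh_dir/authorized_keys"

    # Accept only "<type> <base64> [comment]" for the common key types;
    # anything else (e.g. the multi-line text PuTTYgen writes with
    # "Save public key") is rejected rather than silently appended.
    case "$key_line" in
        ssh-rsa\ *|ssh-ed25519\ *|ecdsa-sha2-*\ *) ;;
        *) echo "not an OpenSSH public key line" >&2; return 1 ;;
    esac

    mkdir -p "$ssh_dir"
    chmod 0700 "$ssh_dir"
    touch "$auth_file"
    chmod 0600 "$auth_file"   # the post uses 0644; 0600 also satisfies StrictModes

    # Compare type + key material only, so a different comment does not
    # create a second entry for the same key.
    key_material=$(printf '%s\n' "$key_line" | awk '{ print $1 " " $2 }')
    if ! awk -v k="$key_material" '($1 " " $2) == k { found = 1 } END { exit !found }' "$auth_file"; then
        printf '%s\n' "$key_line" >> "$auth_file"
    fi
}

# count_authorized_keys HOME_DIR
# Number of key lines in authorized_keys (blank and comment lines ignored).
count_authorized_keys() {
    grep -c -v -e '^[[:space:]]*#' -e '^[[:space:]]*$' "$1/.ssh/authorized_keys" || true
}
```

On the VPS you would call `install_authorized_key "$HOME" 'ssh-rsa AAAA... comment'` with the line copied from PuTTYgen. StrictModes also requires that the home directory, ~/.ssh and authorized_keys are owned by the logging-in user and not writable by group or others, which is the usual cause of a key that "does not work" after pasting.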
Step 3: Link Private Key File with PuTTY Profile
- Start PuTTY by double-clicking its executable file;
- In the Host Name field, enter the IP address of your VPS;
- Enter the port number in the Port field;
- Select SSH under Protocol;
- Along the left-hand side of the window, select the Data sub-category, under Connection;
- In the Auto-login username field, enter the username you plan to log in with on the SSH server (the user whose profile you are saving);
- Expand the SSH sub-category, under Connection;
- Highlight the Auth sub-category and click the Browse button, on the right-hand side of the PuTTY window;
- Browse your file system and select your previously-created private key;
- Return to the Session Category and enter a name for this profile in the Saved Sessions field, e.g. root;
- Click the Save button in the Load, save or delete a stored session area.
Now you can log in as root; you will not be prompted for a password (only for the key passphrase, if you set one).
Step 4: Disable Username/Password Logins
Password logins are disabled with the following steps on CentOS:
Open the file using the commands below.
Then uncomment and change the lines to match the ones below. Make sure these lines are uncommented, meaning they have no # in front of them.
Save the file and reload the SSH server by running the command below.
service sshd reload
Now try connecting to the SSH server; it should no longer prompt you for a password.
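Before reloading, it is worth checking that the edited file says what you think it says. The following is an added example, not code from the original post, and it fills in what the post leaves unstated as assumptions: the file is /etc/ssh/sshd_config and the relevant directives are the standard PasswordAuthentication, ChallengeResponseAuthentication and PubkeyAuthentication. The check reproduces one sshd rule that trips people up: for each keyword sshd uses the first uncommented occurrence, so an earlier "PasswordAuthentication yes" silently wins over a line you edited further down. The function names and the two sample config files are constructed for the example.

```shell
#!/bin/sh
# Added example (not from the original post): report which value sshd will
# actually use for a keyword in sshd_config, and use that to confirm that
# password logins are off before reloading. Assumptions (the post names
# neither the file nor the directives): /etc/ssh/sshd_config and the standard
# PasswordAuthentication / ChallengeResponseAuthentication /
# PubkeyAuthentication directives. sshd takes the FIRST uncommented
# occurrence of a keyword; the check below reproduces that rule.

# effective_sshd_option FILE KEYWORD
# Prints (lowercased) the value sshd uses for KEYWORD in the global section
# of FILE, or "unset" if it is absent (the compiled-in default then applies).
# Stops at the first Match block, whose lines apply only conditionally.
effective_sshd_option() {
    awk -v want="$(printf '%s' "$2" | tr 'A-Z' 'a-z')" '
        /^[[:space:]]*#/ { next }                        # comment line
        NF == 0 { next }                                 # blank line
        tolower($1) == "match" { exit }                  # conditional section starts
        tolower($1) == want { print tolower($2); found = 1; exit }
        END { if (!found) print "unset" }
    ' "$1"
}

# password_logins_disabled FILE
# Returns 0 when sshd would refuse password and keyboard-interactive logins
# and still accept keys; otherwise prints the offending settings and returns 1.
password_logins_disabled() {
    bad=0
    pa=$(effective_sshd_option "$1" PasswordAuthentication)
    cr=$(effective_sshd_option "$1" ChallengeResponseAuthentication)
    pk=$(effective_sshd_option "$1" PubkeyAuthentication)
    # Compiled-in defaults are "yes" for all three, so "unset" only passes
    # for PubkeyAuthentication.
    [ "$pa" = no ] || { echo "PasswordAuthentication is '$pa', need no" >&2; bad=1; }
    [ "$cr" = no ] || { echo "ChallengeResponseAuthentication is '$cr', need no" >&2; bad=1; }
    [ "$pk" = yes ] || [ "$pk" = unset ] || { echo "PubkeyAuthentication is '$pk', need yes" >&2; bad=1; }
    return $bad
}

# write_samples DIR: two constructed sshd_config fragments (not from any
# real host), a default-style weak one and a hardened one.
write_samples() {
    cat > "$1/weak.conf" <<'EOF'
# Password logins still allowed: the "no" line is commented out
Port 22
#PasswordAuthentication no
PasswordAuthentication yes
ChallengeResponseAuthentication yes
EOF
    cat > "$1/hardened.conf" <<'EOF'
Port 22
PubkeyAuthentication yes
PasswordAuthentication no
ChallengeResponseAuthentication no
# A later duplicate is ignored by sshd: the first occurrence above wins
PasswordAuthentication yes
# Lines under Match are conditional and are not read by the check
Match User sftponly
    ForceCommand internal-sftp
EOF
}

# Demo: sh this_file.sh demo
if [ "${1:-}" = demo ]; then
    d=$(mktemp -d)
    write_samples "$d"
    for f in weak hardened; do
        if password_logins_disabled "$d/$f.conf"; then
            echo "$f.conf: password logins disabled"
        else
            echo "$f.conf: password logins still possible"
        fi
    done
fi
```

On a real host the sequence is `sshd -t` (syntax check of the live config), then `password_logins_disabled /etc/ssh/sshd_config`, then `service sshd reload`. Keep your current PuTTY session open while you reload and test a fresh login from a second window; an existing session survives a reload, so a mistake in the file cannot lock you out before you have fixed it.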