
How to secure a VPS from brute force attacks – with keys!

13/07/2016

One of the greatest downsides of managing one's own VPS is greater exposure to brute force attacks. One way of protecting access to the VPS is to do away with password access altogether. This is achieved by creating a key pair, a public key and a private key that are mathematically linked, and then disabling the username/password login.

The following are steps for creating the key sets with PuTTY and PuTTYgen.

Step 1: Generate a Set of Private and Public Keys with PuTTYgen

The tool for creating the two sets of keys is provided by an executable file called PuTTYgen.  It can be downloaded from the PuTTY Download Site.
  1. Start the PuTTYgen utility by double-clicking on its .exe file;
  2. For Type of key to generate, select SSH-2 RSA;
  3. In the Number of bits in a generated key field, specify either 2048 or 4096 (increasing the bits makes it harder to crack the key by brute-force methods);
  4. Click the Generate button;
  5. Move your mouse pointer around in the blank area of the Key section, below the progress bar (to generate some randomness) until the progress bar is full;
  6. A private/public key pair has now been generated;
  7. In the Key comment field, enter any comment you’d like – this is useful to identify your keys;
  8. Optional: add a key passphrase for added security. If you want to log in to your VPS without entering a passphrase, you can leave this blank;
  9. Click the Save public key button;
  10. Click the Save private key button;
  11. Right-click in the text field labeled Public key for pasting into OpenSSH authorized_keys file and choose Select All;
  12. Right-click again in the same text field and choose Copy.

Step 2: Save Public Key on VPS

The next step is to save the public key in the file ~/.ssh/authorized_keys on your VPS.

  1. Log in to your VPS;
  2. If your SSH folder does not yet exist, create it manually:
    mkdir ~/.ssh
    chmod 0700 ~/.ssh
    touch ~/.ssh/authorized_keys
    chmod 0644 ~/.ssh/authorized_keys
  3. Paste the SSH public key into your ~/.ssh/authorized_keys file.

Step 3: Link Private Key File with PuTTY Profile

  1. Start PuTTY by double-clicking its executable file;
  2. In the Host Name field, enter the IP address of your VPS;
  3. Enter the port number in the Port field;
  4. Select SSH under Protocol;
  5. Along the left-hand side of the window, select the Data sub-category, under Connection;
  6. Specify the username that you plan on using, when logging in to the SSH server, and whose profile you’re saving, in the Auto-login username field;
  7. Expand the SSH sub-category, under Connection;
  8. Highlight the Auth sub-category and click the Browse button, on the right-hand side of the PuTTY window;
  9. Browse your file system and select your previously-created private key;
  10. Return to the Session Category and enter a name for this profile in the Saved Sessions field, e.g. root;
  11. Click the Save button for the Load, Save or Delete a stored session area.

Now you can go ahead and log in as root, and you will not be prompted for a password unless you set a passphrase.

Step 4: Disable Username/Password Logins

Password-less logon is achieved with the following steps in CentOS:

Open the file with the command below.

vi /etc/ssh/sshd_config

Then uncomment and change the lines so they match the ones below. Make sure these lines are uncommented, meaning they do not have a # in front of them.

PubkeyAuthentication yes
AuthorizedKeysFile .ssh/authorized_keys
PasswordAuthentication no
ChallengeResponseAuthentication no

Save the file and reload SSH server by running the commands below.

service sshd reload

Now try accessing the SSH server and it shouldn’t prompt you to enter your password.
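Before reloading sshd it is worth confirming that the file really says what you think it does, because a line left commented out, or a second copy of a keyword further down, silently leaves password logins enabled. The following shell script is an added example, not code from the original post: it reports the value sshd would actually use for each of the settings above and fails if any of them still permits password login.

```shell
# Added example (not from the original post): audit an sshd_config for the
# settings Step 4 requires, applying the rule sshd itself uses when a keyword
# appears more than once (the FIRST uncommented value wins) and ignoring
# anything after a "Match" line, since those values are conditional.
# effective_value FILE KEYWORD: print the value sshd would use for KEYWORD,
# or nothing if the keyword is never set outside a comment.
effective_value() {
    awk -v key="$2" '
        /^[[:space:]]*(#|$)/        { next }          # comment or blank line
        tolower($1) == "match"      { exit }          # conditional section
        tolower($1) == tolower(key) { print $2; exit }
    ' "$1"
}
# audit_sshd_config FILE: print one line per setting; exit status is 0 only if
# every setting is effectively what the post asks for. Each entry is
# keyword:wanted:sshd-default, so an absent PasswordAuthentication is
# reported as the failure it is (sshd defaults it to yes).
audit_sshd_config() {
    _rc=0
    for _entry in PubkeyAuthentication:yes:yes \
                  PasswordAuthentication:no:yes \
                  ChallengeResponseAuthentication:no:yes; do
        _key=${_entry%%:*}; _rest=${_entry#*:}
        _want=${_rest%%:*}; _default=${_rest#*:}
        _got=$(effective_value "$1" "$_key"); _note=""
        [ -n "$_got" ] || { _got=$_default; _note=" (sshd default, not set)"; }
        if [ "$_got" = "$_want" ]; then
            echo "ok    $_key $_got$_note"
        else
            echo "FAIL  $_key is '$_got'$_note, want '$_want'"
            _rc=1
        fi
    done
    return $_rc
}
# Demo on a constructed file (stand-in for /etc/ssh/sshd_config) that looks
# hardened but is not: the commented line does nothing, and the later "no"
# loses to the earlier "yes".
_demo=${TMPDIR:-/tmp}/sshd_config.demo.$$
cat > "$_demo" <<'EOF'
#PasswordAuthentication no
PubkeyAuthentication yes
PasswordAuthentication yes
PasswordAuthentication no
ChallengeResponseAuthentication no
EOF
audit_sshd_config "$_demo" || echo "=> password logins are still possible"
rm -f "$_demo"
```

Run it against /etc/ssh/sshd_config, and keep your existing session open while a second PuTTY window confirms that key login works, so that a mistake cannot lock you out; sshd -t also checks the file for syntax errors before a reload.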

Genesis
