1

I am new to this so please dumb this down a little for me.

I use OSX locally, Ubuntu server for my remote host on Linode. And to my understanding, I can use ssh-keygen -b 4096 locally, to generate two files:

~/.ssh/id_rsa and ~/.ssh/id_rsa.pub

And then on my server I run mkdir -p ~/.ssh && sudo chmod -R 700 ~/.ssh/ to create the .ssh folder and give it recursive read/write/execute privileges for the "file owner" (whatever that is, according to the chmod wiki).

Then I call

scp ~/.ssh/id_rsa.pub example_user@123.4.567.89:~/.ssh/authorized_keys

Which I guess uses the ssh protocol to upload the public key to the server in a newly-created authorized_keys file in the server's .ssh folder I just created.

So I assume this means the public file goes on the server, whereas both the public and private file reside on my local machine.

Now let's say I edit my /etc/ssh/sshd_config file where I can mess with PermitRootLogin, PasswordAuthentication, and ChallengeResponseAuthentication.

My questions:

  1. Should I be disabling root login? Should I set PermitRootLogin to no or to without-password? Should I be disabling all passwords and using keys only, period? What about PasswordAuthentication and ChallengeResponseAuthentication?

  2. Is it safe to have the private and public key files on my local machine? Should I be deleting the public one and only holding onto the private one?

  3. If I am only relying on the key, doesn't this mean I am now exposed to a new weakness: Someone getting into my machine and therefore getting access to my key file?

user712268
  • 27
  • 4

2 Answers

1

Is it safe to have the private and public key files on my local machine? Should I be deleting the public one and only holding onto the private one?

The public key can be derived from the private key (but not the other way around). How do I retrieve the public key from a SSH private key? The public key is provided merely as a matter of convenience so that you don't have to generate it every time you need to add your key to a new server.

If I am only relying on the key, doesn't this mean I am now exposed to a new weakness: Someone getting into my machine and therefore getting access to my key file?

That's why you don't blindly press Enter when running ssh-keygen and instead use a strong password (of course, different from your user's password) to encrypt your key.

Should I be disabling root login?

It's effectively disabled by default since the defaults only allow key-based login and root has no authorized_keys by default.

Should I set PermitRootLogin to no or to without-password?

It's set to without-password because that's a safe default. You can set it to no if you so wish. However, if you ever need to rsync/scp as root, you'll run into trouble.

Should I be disabling all passwords and using keys only, period? What about PasswordAuthentication and ChallengeResponseAuthentication?

If you can stick with this policy, then certainly use keys only and disable both.

muru
  • 207,228
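As an added example (not code from the question or from muru's answer), here is a small POSIX sh audit that checks the sshd_config keywords discussed above against the keys-only policy the answer recommends. The two config fragments are constructed for illustration; when a keyword is absent, the script falls back to OpenSSH's documented defaults, and it deliberately ignores Match blocks and Include directives.

```shell
# Constructed sshd_config fragments (not anyone's real configuration).
WEAK_CONFIG='PermitRootLogin yes
PasswordAuthentication yes
ChallengeResponseAuthentication yes
PubkeyAuthentication yes'

HARDENED_CONFIG='PermitRootLogin no
PasswordAuthentication no
ChallengeResponseAuthentication no
PubkeyAuthentication yes'

# sshd_effective KEY CONFIG: print the effective value of KEY in CONFIG.
# sshd honours the first occurrence of a keyword and keywords are
# case-insensitive; comments are stripped first. Match/Include are not handled.
sshd_effective() {
    lkey=$(printf '%s' "$1" | tr 'A-Z' 'a-z')
    val=$(printf '%s\n' "$2" | sed -e 's/#.*//' \
        | awk -v k="$lkey" 'tolower($1) == k { print tolower($2); exit }')
    if [ -z "$val" ]; then
        # Documented OpenSSH defaults when the keyword is not set at all.
        case "$lkey" in
            permitrootlogin) val=prohibit-password ;;  # alias: without-password
            passwordauthentication) val=yes ;;
            challengeresponseauthentication) val=yes ;;
            pubkeyauthentication) val=yes ;;
            *) val=unknown ;;
        esac
    fi
    printf '%s\n' "$val"
}

# audit_sshd CONFIG: print one WEAK line per finding; return 0 only if the
# config is keys-only (no password or challenge-response paths, root not
# reachable by password, public-key auth still enabled).
audit_sshd() {
    config=$1; rc=0
    case "$(sshd_effective PermitRootLogin "$config")" in
        no|prohibit-password|without-password) ;;
        *) echo "WEAK: PermitRootLogin allows root password login"; rc=1 ;;
    esac
    [ "$(sshd_effective PasswordAuthentication "$config")" = no ] \
        || { echo "WEAK: PasswordAuthentication is not 'no'"; rc=1; }
    [ "$(sshd_effective ChallengeResponseAuthentication "$config")" = no ] \
        || { echo "WEAK: ChallengeResponseAuthentication is not 'no'"; rc=1; }
    [ "$(sshd_effective PubkeyAuthentication "$config")" = yes ] \
        || { echo "WEAK: PubkeyAuthentication is off; no key login possible"; rc=1; }
    return $rc
}

audit_sshd "$WEAK_CONFIG" || echo "weak config: password logins still possible"
audit_sshd "$HARDENED_CONFIG" && echo "hardened config: keys only"
```

To check a live server, replace the constructed fragment with `audit_sshd "$(cat /etc/ssh/sshd_config)"`, keeping in mind the Match-block limitation noted in the comments.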
1

The "best practice" with ssh, or any server for that matter, is to:

  1. Assess the value of your asset and the data on your server where you install and configure ssh. Is this a home computer behind a LAN? Or a public IP address on a server with sensitive data, private information, financial information? etc.

  2. Read ALL the security options.

  3. Then decide how you want to balance security with ease of access, ease of configuration, and value of your assets.

For my considerations on ssh see - http://bodhizazen.com/Tutorials/SSH_security

Panther
  • 104,528