@agvxov
Created January 29, 2025 13:09
XXX:
>basic knowledge of public key cryptography
>the server holds a public key, while the client has a private key
which it will use for authentication
>this way we protect from brute forcing attacks and
optionally avoid having to enter a password manually when connecting
1. Create a key pair
Green( anon@Client )$ ssh-keygen
"Generating public/private rsa key pair."
"Enter file in which to save the key (/home/anon/.ssh/id_rsa):" <path>
"Enter passphrase (empty for no passphrase):" [password]
"Enter same passphrase again:" [password]
"Your identification has been saved in ignore"
"Your public key has been saved in ignore.pub"
"The key fingerprint is:"
"SHA256:sAswBDPwdk6wqK8HSOvDBRUrJmYbA0O9i8ZAmTbxve0 anon@Client"
"The key's randomart image is:"
"+---[RSA 3072]----+ "
"|=o=.o o * | "
"|.Xx+o+ + a | "
"|+BB o.o . b | "
"|*o* o | "
"|+o* o...S | "
"|.=.B .+ r | "
"|+ ..+ oE | "
"| + .jklas8u | "
"| o. | "
"+----[SHA256]-----+ "
¤NOTES:
<path> : if you're following this tutorial then the default is probably good enough for you
[password] : optional password; your private key will be encrypted with this,
which makes it secure from being plainly stolen,
however do note that you'll have to enter it
with every new ssh-agent session;
don't be afraid to leave it empty
2. Get the server's identifier
>if the server is located on the LAN use:
Red( root@Server )$ ip a
//look for the num string which fits the pattern:
192.168.0.<int>
>if the server is located on WAN look up its IP online
>if the server has a registered domain use that
>NOTE: use whatever you got as "<target>" from now on
3. Add the key to the server
Green( anon@Client )$ ssh-copy-id <target>
>if the key location is not the default, explicitly specify its path using the `-i` flag
4. Login to the server
Green( anon@Client )$ ssh <target>
>this step serves as both groundwork for easing the next step and as a test
>if you're prompted for a password something went terribly wrong, do not proceed
5. Disable password authentication
Red( root@Server )$ ${EDITOR} /etc/ssh/sshd_config
¤add or modify lines to match the following rules:
PubkeyAuthentication yes
PasswordAuthentication no
6. Restart ssh server
Red( root@Server )$ systemctl restart sshd
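¤added example (not part of the original gist): sshd uses the first value it reads for each keyword, so a `PasswordAuthentication no` added below an existing `PasswordAuthentication yes` changes nothing. The sketch below reports what one config file resolves to; the function names are made up, and it assumes a single file with no Include directives and stops at the first Match block.

```sh
#!/bin/sh
# Added example, not part of the original gist. Function names are made up.
# Assumptions: reads one file, global section only (stops at the first Match
# block) and does not follow Include directives.

# effective_value FILE KEYWORD: print the first value set for KEYWORD
effective_value() {
    awk -v want="$(printf '%s' "$2" | tr 'A-Z' 'a-z')" '
        /^[ \t]*(#|$)/         { next }            # comments and blank lines
        tolower($1) == "match" { exit }            # end of the global section
        tolower($1) == want    { print $2; exit }  # first occurrence wins
    ' "$1"
}

# check_key_only FILE: succeed only if pubkey auth is on and passwords are off
check_key_only() {
    pubkey=$(effective_value "$1" PubkeyAuthentication)
    passwd=$(effective_value "$1" PasswordAuthentication)
    # a keyword that is never set falls back to the sshd default, "yes" for both
    [ "${pubkey:-yes}" = "yes" ] && [ "${passwd:-yes}" = "no" ]
}

demo() {
    cfg=$(mktemp)
    # constructed sample: "no" was appended, but an earlier "yes" still wins
    printf '%s\n' '#PasswordAuthentication yes' 'PubkeyAuthentication yes' \
        'passwordauthentication yes' 'PasswordAuthentication no' > "$cfg"
    if check_key_only "$cfg"; then
        echo "key-only login enforced"
    else
        echo "PasswordAuthentication resolves to: $(effective_value "$cfg" PasswordAuthentication)"
    fi
    rm -f "$cfg"
}
demo
```

On the server itself, `sshd -t` validates the file before the restart and `sshd -T` prints the configuration sshd actually resolved.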
Troubleshooting:
¤permissions
>ssh is very sensitive to the correct permissions on the server
(for understandable security reasons, but the error reporting ain't great)
:--------------:------------------------:
| Permission | File |
:--------------:------------------------:
: 755 : ~/ :
: 700 : ~/.ssh/ :
: 600 : ~/.ssh/authorized_keys :
:--------------:------------------------: