
SSH Tips

Restrict SSH to a specific IP

Edit /etc/hosts.allow (only honored when sshd is built with TCP Wrappers/libwrap support) and enter the IPs/ranges you want to allow: sshd: 10.83.33.77/32, 10.63.152.9/32, 10.12.100.11/28, 10.82.192.0/28

Edit /etc/hosts.deny and let's deny everything else: sshd: ALL

Restart the SSH service: sudo systemctl restart sshd.service

That's pretty much it.

Enable Key authentication on server

  • Ensure /etc/ssh/sshd_config has PubkeyAuthentication set to yes.
  • Public Keys go into ~/.ssh/authorized_keys.
  • Permissions: make sure the .ssh folder is 700, the authorized_keys file is 600, and owned by the user.

Copy Your Key Despite No Password Auth

Note: if you're on a Linux box, you may be able to use the ssh-copy-id utility, which completes steps 4-7 for you!

  1. Log in via DigitalOcean Console
  2. sudo nano /etc/ssh/sshd_config, find the PasswordAuthentication no line and change it to yes.
  3. Restart the SSH Service - sudo systemctl restart sshd.
  4. If needed, create the .ssh directory in your home folder.
  5. Create or edit ~/.ssh/authorized_keys.
  6. Open your private key in PuTTYGen or using OpenSSH to get the public key string.
  7. Paste that string into the ~/.ssh/authorized_keys file.
  8. Test logging in using Private Key.
  9. If it all works, then make sure to disable password authentication again! sudo nano /etc/ssh/sshd_config, find the PasswordAuthentication yes line and change it to no, then run sudo systemctl restart sshd one last time.
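
Steps 4-7, together with the 700/600 permissions from the key authentication section, as a small shell helper. This is an added example, not part of the original notes; the function names install_pubkey and audit_ssh_perms are hypothetical, and it assumes GNU stat and that it is run as the account that owns the home directory (so ownership is already correct).

```sh
#!/bin/sh
# Added example: install one public key line into <home>/.ssh/authorized_keys
# with the modes sshd expects (700 on .ssh, 600 on authorized_keys).

install_pubkey() {
    home_dir=$1
    pubkey=$2
    ssh_dir="$home_dir/.ssh"
    auth_file="$ssh_dir/authorized_keys"

    # Exactly one line: a pasted blob with embedded newlines could add extra keys.
    [ "$(printf '%s\n' "$pubkey" | wc -l)" -eq 1 ] || return 2

    # Accept only "<type> <base64> [comment]" for common key types. This also
    # rejects a private key ("-----BEGIN ...") pasted by mistake in step 6.
    case $pubkey in
        "ssh-ed25519 AAAA"*|"ssh-rsa AAAA"*|ecdsa-sha2-nistp*" AAAA"*) ;;
        *) echo "not an OpenSSH public key line" >&2; return 2 ;;
    esac

    # Create with a tight umask, then set modes explicitly in case they existed.
    ( umask 077; mkdir -p "$ssh_dir" && touch "$auth_file" ) || return 1
    chmod 700 "$ssh_dir" && chmod 600 "$auth_file" || return 1

    # Append only if this exact line is not already present (safe to re-run).
    if ! grep -qxF -- "$pubkey" "$auth_file"; then
        printf '%s\n' "$pubkey" >> "$auth_file"
    fi
}

# Returns 0 only when both modes match what the page calls for.
audit_ssh_perms() {
    home_dir=$1
    dir_mode=$(stat -c '%a' "$home_dir/.ssh" 2>/dev/null) || return 1
    file_mode=$(stat -c '%a' "$home_dir/.ssh/authorized_keys" 2>/dev/null) || return 1
    [ "$dir_mode" = 700 ] && [ "$file_mode" = 600 ]
}
```

Call it as install_pubkey "$HOME" "$(cat id_ed25519.pub)" from the console session, then run audit_ssh_perms "$HOME" before testing the key login in step 8.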

PuttyGen Tips

  • If creating a key for use with Secure Shell App for Chrome, after creating the key (doing all the mouse wiggling and such) make sure you do not just save the private key. Instead, use the Conversions menu and select Export OpenSSH key (force new file format). Otherwise you will get the error Invalid key format.

Specify client's default SSH key

Edit (or create) .ssh/config: identityfile <filepath>