@smac89 smac89/
Last active May 10, 2020

Set up an ssh server with public key encryption. #ssh


Create the user group and add the users you want to be part of this group:

sudo groupadd sshusers
sudo usermod -a -G sshusers <username>


# Generate the key pair and set a passphrase when prompted
ssh-keygen -t rsa -b 4096 -f ~/.ssh/id_rsa_server_name

# Start an agent and load the new key into it
eval "$(ssh-agent)"
ssh-add ~/.ssh/id_rsa_server_name

Next, add the following to your ~/.ssh/config:

Host server_name
    User username
    # The address the server is listening on (doesn't have to be the same as server)
    HostName <server_address>
    Port 1337
    IdentitiesOnly yes
    IdentityFile ~/.ssh/id_rsa_server_name

Now copy the public key to your server:

ssh-copy-id -i ~/.ssh/id_rsa_server_name.pub server_name


Setting up the ssh-server

Edit /etc/ssh/sshd_config with the following configuration (back the file up first):

Port 1337
# Use these options to restrict which interfaces/protocols sshd will bind to
#ListenAddress ::

# Authentication:
LoginGraceTime 120
PermitRootLogin no
StrictModes yes

# RSAAuthentication only applied to SSH protocol 1; newer OpenSSH releases report it as deprecated
RSAAuthentication yes
PubkeyAuthentication yes
AuthorizedKeysFile      %h/.ssh/authorized_keys

# Change to no to disable tunnelled clear text passwords
PasswordAuthentication no

# Kerberos options
KerberosAuthentication no
#KerberosGetAFSToken no
#KerberosOrLocalPasswd yes
#KerberosTicketCleanup yes

# GSSAPI options
GSSAPIAuthentication no
#GSSAPICleanupCredentials yes

UsePAM yes
AllowGroups sshusers
MaxStartups 2
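
An added example (not part of the original gist): sshd keeps the first value it reads for each keyword, so a hardening line pasted below a conflicting stock line is silently ignored. This script checks the four settings this setup depends on in a config file; the function names and the sample file are constructed for illustration.

```shell
#!/bin/sh
# sshd keeps the FIRST value it reads for a keyword (keywords are case-insensitive),
# so a "PasswordAuthentication no" appended below an earlier "yes" has no effect.
# Assumptions: whitespace-separated "Keyword value" lines; Include files are not followed.

# effective_value FILE KEYWORD: print the first global value set for KEYWORD
effective_value() {
    awk -v want="$2" '
        BEGIN { want = tolower(want) }
        /^[ \t]*(#|$)/ { next }              # skip comments and blank lines
        tolower($1) == "match" { exit }      # Match blocks are conditional, stop there
        tolower($1) == want { $1 = ""; sub(/^[ \t]+/, ""); print; exit }
    ' "$1"
}

# audit_sshd_config FILE: one line per check; returns 1 if any setting is wrong or unset
audit_sshd_config() {
    file=$1
    rc=0
    while read -r key expected; do
        actual=$(effective_value "$file" "$key")
        if [ "$actual" = "$expected" ]; then
            echo "ok   $key $actual"
        else
            echo "FAIL $key: want '$expected', got '${actual:-<unset>}'"
            rc=1
        fi
    done <<'EOF'
PasswordAuthentication no
PermitRootLogin no
PubkeyAuthentication yes
AllowGroups sshusers
EOF
    return "$rc"
}

# Constructed sample: a stock "yes" higher up shadows the "no" added at the end.
sample=$(mktemp)
cat > "$sample" <<'EOF'
passwordauthentication yes
PermitRootLogin no
PubkeyAuthentication yes
AllowGroups sshusers
PasswordAuthentication no
EOF
audit_sshd_config "$sample" || echo "fix the config before restarting sshd"
rm -f "$sample"
```

On the server itself, `sudo sshd -t` checks the file for syntax errors and `sudo sshd -T` prints the effective configuration.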

Restart sshd:

sudo service sshd restart


Now you can log in to the server with:

ssh server_name

If everything has been done correctly, you should not be prompted for a password and will simply find yourself logged in.
