Let’s start next with setting up SSH keys.
If you’re on Windows you should be using PuTTY. Boot up PuTTYgen, ensure SSH-2 RSA is selected and click on ‘Generate’. Follow the instructions and enter a Key Passphrase and then save both Public & Private Keys. Put them somewhere safe (not Dropbox etc.) and ideally, back them up on cold storage, such as a flash drive kept somewhere safe. Don’t close PuTTYgen yet.
Boot up regular PuTTY and connect to your new server and once logged in,
If this file/folder doesn’t exist yet, you can create it yourself:
mkdir ~/.ssh
chmod 0700 ~/.ssh
touch ~/.ssh/authorized_keys
chmod 0644 ~/.ssh/authorized_keys
Then nano into it again. Go back to PuTTYgen and right click on the box you waved your mouse over earlier with the random movements, select copy, and paste it (right click) into the file we just opened in PuTTY. Then close it out,
ctrl + x, y.
Great, now we have our SSH keys created. Next we need to configure the SSH service to allow key-based login and disallow password-enabled logins.
Change PasswordAuthentication yes to PasswordAuthentication no and UsePAM yes to UsePAM no. Then run
service sshd restart
Don’t log out of your current PuTTY session yet: if you screwed anything up, you may get locked out. Open up a second PuTTY window, load the same server connection details but this time, click on the ‘SSH’ button on the left hand side, then ‘Auth’, and in the ‘Private key file for authentication’ box, browse to the private key you saved earlier. Then click ‘Session’ again on the left hand side and ‘Save’. Click ‘Open’ and enter the SSH passphrase if you created one. You should now be successfully logged in. You can close the first PuTTY window now as we’ve successfully set up SSH keys.
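A check for the steps above, as an added example that is not part of the original post: sshd uses the first occurrence of a keyword, so an earlier PasswordAuthentication yes can silently override the edit, and key files writable by group or others are ignored. The function names and the sample config are constructed for illustration; on a real server the file is assumed to be /etc/ssh/sshd_config.

```sh
#!/bin/sh
# Added example: checks for the sshd changes and key-file modes described above.
# Assumption: on a real server FILE would be /etc/ssh/sshd_config (OpenSSH default).

# Print the global value sshd will use for KEYWORD in FILE. sshd keeps the FIRST
# occurrence of a keyword, keywords are case-insensitive, and lines after a
# "Match" line are conditional. Limitation: Include files are not followed.
first_value() {  # usage: first_value KEYWORD FILE
    awk -v kw="$1" '
        BEGIN { FS = "[ \t=]+"; kw = tolower(kw) }
        { sub(/^[ \t]+/, "") }              # drop indentation, re-split fields
        /^#/ || NF == 0 { next }            # skip comments and blank lines
        tolower($1) == "match" { exit }     # global section ends here
        tolower($1) == kw { print tolower($2); exit }
    ' "$2"
}

# Succeeds only if FILE really turns password logins off (absent means "yes").
password_login_disabled() {  # usage: password_login_disabled FILE
    [ "$(first_value PasswordAuthentication "$1")" = "no" ]
}

# StrictModes makes sshd ignore authorized_keys when it or ~/.ssh is writable
# by group or others; characters 6 and 9 of the ls -ld mode are those bits.
not_group_world_writable() {  # usage: not_group_world_writable PATH
    [ "$(ls -ld "$1" | cut -c6,9)" = "--" ]
}

# Constructed sample: an earlier "yes" silently wins over the "no" added later.
sample=$(mktemp)
cat > "$sample" <<'EOF'
# constructed sample, not a real server config
PasswordAuthentication yes
UsePAM no
PasswordAuthentication no
EOF
if password_login_disabled "$sample"; then
    echo "password logins: off"
else
    echo "password logins: STILL ON (first occurrence wins)"
fi
rm -f "$sample"
```

On the server itself, `sshd -t` checks the config for syntax errors before the restart, and `sshd -T` prints the effective settings, including any Include files.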
As for other security measures like changing SSH port and installing fail2ban, Quickbox will take care of this for us.