{"id":183,"date":"2024-01-17T20:06:15","date_gmt":"2024-01-18T04:06:15","guid":{"rendered":"https:\/\/blog.sacko.dev\/?p=183"},"modified":"2024-01-18T02:53:51","modified_gmt":"2024-01-18T10:53:51","slug":"using-the-same-ssh-key-for-all-servers-and-devices-securing-your-server-from-password-logins","status":"publish","type":"post","link":"https:\/\/blog.sacko.dev\/?p=183","title":{"rendered":"Using the same SSH Key for All Servers and Devices; Securing Your Server from Insecure Logins"},"content":{"rendered":"\n<p>I was getting sick of the mess of SSH keys I had for all of my devices and servers, so I started on making all my devices use the same set of keys so I can have one key for everything.<\/p>\n\n\n\n<p>You do NOT want to delete any of your old keys, if you have any, until you get all of them configured with the key you are trying to use.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">Generating a New Key<\/h2>\n\n\n\n<p>First of all, you want to generate a key. I did it on a Linux PC to avoid any oddness with Windows, but it may work fine. To do this, you go into the Linux terminal and type:<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>ssh-keygen<\/code><\/pre>\n\n\n\n<p>It will prompt you for a file name. I used a different file to avoid conflicts with old keys. You want it to be in your home directory, so enter in:<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>~\/.ssh\/&#91;keyname] #only write in a name; no file type<\/code><\/pre>\n\n\n\n<p>Next, it will prompt you to enter a passphrase. If you need the extra security, you can go ahead; otherwise, just hit Enter twice.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">Moving the New Key to a Server<\/h2>\n\n\n\n<p>You should now have a new SSH key. To move it to your new servers, you have to copy the public key onto the server. 
To do so, run this command:<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code># if default file name\nssh-copy-id &#91;server_user]@&#91;server_domain]\n# if custom file name\nssh-copy-id -i ~\/.ssh\/&#91;keyname].pub &#91;server_user]@&#91;server_domain]<\/code><\/pre>\n\n\n\n<p>To make sure it works, you&#8217;ll want to specify the private key you created in the SSH command. This private key file is what you put in the .ssh folder on each device you connect to the server from.<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code># if default file name\nssh -i ~\/.ssh\/id_rsa &#91;server_user]@&#91;server_domain]\n# if custom file name\nssh -i ~\/.ssh\/&#91;keyname] &#91;server_user]@&#91;server_domain]<\/code><\/pre>\n\n\n\n<p>If this works, you should be good to remove password logins on your server by following the section below.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">Securing the Server from Unsecured Logins<\/h2>\n\n\n\n<p>To remove unsecured logins without an SSH key, you will have to edit the SSH server config file. Make sure your user has superuser access before adding the PermitRootLogin line, which you can test with <strong>sudo su<\/strong>. You will want to change or add these lines in your \/etc\/ssh\/sshd_config:<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code># if sudo user\nPermitRootLogin no\nPasswordAuthentication no\nChallengeResponseAuthentication no\nUsePAM no\nPubkeyAuthentication yes<\/code><\/pre>\n\n\n\n<p>From here, you can reboot your server, then reconnect to it with the ssh command above. If you are using the default id_rsa, you can just run ssh without the -i argument.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>I was getting sick of the mess of SSH keys I had for all of my devices and servers, so I started on making all my devices use the same set of keys so I can have one key for everything. 
You do NOT want to delete any of your old keys, if you have <a href=\"https:\/\/blog.sacko.dev\/?p=183\" class=\"more-link\">&#8230;<span class=\"screen-reader-text\">  Using the same SSH Key for All Servers and Devices; Securing Your Server from Insecure Logins<\/span><\/a><\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[5],"tags":[],"_links":{"self":[{"href":"https:\/\/blog.sacko.dev\/index.php?rest_route=\/wp\/v2\/posts\/183"}],"collection":[{"href":"https:\/\/blog.sacko.dev\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/blog.sacko.dev\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/blog.sacko.dev\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/blog.sacko.dev\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=183"}],"version-history":[{"count":7,"href":"https:\/\/blog.sacko.dev\/index.php?rest_route=\/wp\/v2\/posts\/183\/revisions"}],"predecessor-version":[{"id":202,"href":"https:\/\/blog.sacko.dev\/index.php?rest_route=\/wp\/v2\/posts\/183\/revisions\/202"}],"wp:attachment":[{"href":"https:\/\/blog.sacko.dev\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=183"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/blog.sacko.dev\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=183"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/blog.sacko.dev\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=183"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}