Server Security (Part 1): Protecting Your Server with SSH Keys
Welcome to Part 1 of a 4 part series of blog posts about different methods of security you can implement to keep your server safe. Cyber attacks are at an all time high and by utilizing some of these security methods you can reduce your risk of outside intruders getting into your system. Security is an often overlooked facet of maintaining a server connected to the Internet, however addressing some of these issues sooner than later can save you from a disaster later on down the road.
In this blog post we are going to introduce you to SSH Keys.
What are SSH Keys?
SSH keys are an authentication method that is more secure than your standard password based authentication. They serve as a means of identifying yourself to an SSH server using public-key cryptography and challenge-response authentication. Once implemented SSH Key authentication replaces the needs for traditional password based authentication. Many passwords can usually be cracked via brute force attack methods, however SSH keys are nearly impossible to penetrate by brute force alone.
Why Use SSH Keys?
SSH brute force attacks are more popular than ever. Many times within hours of a new server going live, hackers are scanning it looking for vulnerabilities. The security of your system is only as strong as your weakest password and as long as users use weak passwords, hackers will be able to brute force them. A more secure alternative to the traditional login and password authentication is SSH Keys.
How do they work?
SSH keys always come in pairs, one public and one private. The private key is known only to the person who needs to login, while public keys can be shared with anyone. Both private and public keys are created prior to authentication.
To setup an SSH key for authentication, you must place the public key in a designated server directory. This directory is usually ~.ssh/ in the user’s home directory. The private key is kept on the computer your trying to login from. Private keys are considered sensitive information and can be secured via a passphrase only known to the owner. Keys can be created without a passphrase, but doing so puts the security of your key at risk.
When you are logging into a computer, the SSH server utilizes the public key to encrypt a message that can only be unencrypted by the private key. This allows data transferred to and form the computer you are logging into in a way that eavesdroppers can not “listen” in on your connection.
Once an SSH Key method is installed you can disable password based remote authentication to significantly reduce the chances of an outside intruder gaining access to you system. SSH keys contain many more bits of data and as a result the time necessary to brute attach the key would take many, many years.
How to Setup an SSH Key Authentication Method?
Setting up an SSH Key system is fairly simple and can usually be done in just a few minutes. You set up both keys on your local machine and then transfer the public key to your server. Check out the following videos for your individual OS.
To learn more about SSH Keys, please visit this article.
If you’re looking to find out more about securing your sever, please contact your QuadraNet sales rep or contact the QuadraNet support department.