this post was submitted on 05 Dec 2023
This is an automated archive made by the Lemmit Bot.

The original was posted on /r/selfhosted by /u/IacovHall on 2023-12-05 16:43:08.


hey

i would like to achieve logging into my VMs via SSH with a unique key pair for each and deactivated password logins

i've found several guides how to achieve that via puttygen etc but i still don't get the hang of it and am afraid of locking myself out of my machines

how do you generate your keys for your machines? do you generate a pair for each machine or do you use one "general key"?

how do you manage those keys? do you store them in a password manager or simply in putty?

how do you recover from a data loss? (e.g. OS has to be reinstalled and you lose the local putty config)

what is the most foolproof step by step guide for dummies like me to generate the keys, push them onto the machine and deactivate the pw login?

because i once stood in pouring rain in front of my home because i forgot my keys - i don't want to experience something similar with my VMs ;)

edit:

thank you for your great help so far

i will summarize my understanding as of now, in the hope that others who share my confusion ;) can get started quickly - but i recommend reading the threads - there are a lot of good explanations, thank you all!

out of the box, u/Ovasak 's recommendation of Veronica Explains' video helped a lot

a user will have to make slight adjustments to the paths and commands depending on whether they are using linux or windows

in my case, i use w11 and connect to linux OSs (Dietpi, Debian Bookworm)

on the client, use ssh-keygen to generate a keypair - if you are on the current openssh client, it will generate an ed25519 key pair. if it creates an RSA key, use the ssh-keygen -t ed25519 command. Veronica Explains uses the command ssh-keygen -t ed25519 -f ~/.ssh/filename -C "comment" to explicitly define the path and add a comment.

after that, copy the key to the desired machine via ssh-copy-id -i .ssh/filename.pub [email protected]. if you are on windows, ssh-copy-id does not work currently. i've found the powershell command type c:/path/filename.pub | ssh [email protected] "cat >> .ssh/authorized_keys"

after that, it should normally suffice to edit a file on the server: nano /etc/ssh/sshd_config. uncomment PasswordAuthentication and set it to no. PubkeyAuthentication should be set to yes by default. PermitRootLogin set to no if you are using a root user (still have to test if it interferes with the key based authentication for root).

reload sshd with sudo systemctl reload sshd

don't close the connection, open a separate shell and test your connection - edit in the still open session if needed

for easy logins (via ssh hostname) edit a config under .ssh: nano .ssh/config

and set your entries accordingly

Host voyage
    Hostname 000.000.000.000
    IdentityFile ~/.ssh/filename
    User root

for dietpi, the aforementioned way to disable pw-logins does not suffice - i am still looking for a solution
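
Added example, not part of the original post: a check to run in the still-open session after the reload, reading the settings sshd actually applies instead of trusting the edited file. It assumes an OpenSSH server, whose sshd -T prints the effective configuration as lower-case keyword/value lines; the function name check_sshd_effective and the sample input are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original post).
# On the server:  sudo sshd -T | check_sshd_effective root
# Argument: the account you log in as (the post's ~/.ssh/config uses root).
# Exit status: 0 key-only login in effect, 1 a password path is still open,
#              2 this account could not log in with its key (lockout risk).

check_sshd_effective() {
    awk -v user="${1:-root}" '
        function v(x) { return x == "" ? "(missing)" : x }
        $1 == "pubkeyauthentication"            { pk   = $2 }
        $1 == "passwordauthentication"          { pw   = $2 }
        $1 == "kbdinteractiveauthentication"    { kbd  = $2 }
        $1 == "challengeresponseauthentication" { kbd  = $2 }  # older OpenSSH name
        $1 == "permitrootlogin"                 { root = $2 }
        END {
            lockout = 0; weak = 0
            if (pk != "yes") {
                print "LOCKOUT: pubkeyauthentication is " v(pk); lockout = 1
            }
            # sshd -T reports prohibit-password as without-password
            if (user == "root" && root != "yes" &&
                root != "without-password" && root != "prohibit-password") {
                print "LOCKOUT: permitrootlogin " v(root) \
                      " does not allow an interactive root login by key"
                lockout = 1
            }
            if (pw != "no") {
                print "OPEN: passwordauthentication is " v(pw); weak = 1
            }
            if (kbd == "yes") {
                print "OPEN: keyboard-interactive can still prompt for a password via PAM"
                weak = 1
            }
            if (lockout) exit 2
            if (weak) exit 1
            print "OK: key-only login is in effect for " user
        }'
}

# Constructed sample of sshd -T output: password login still on, root refused.
SAMPLE='pubkeyauthentication yes
passwordauthentication yes
kbdinteractiveauthentication no
permitrootlogin no'
printf '%s\n' "$SAMPLE" | check_sshd_effective root || echo "exit status $?"
```

If a reported value differs from what was written in /etc/ssh/sshd_config, another file is setting it: Debian's default sshd_config includes /etc/ssh/sshd_config.d/*.conf, and sshd keeps the first value it reads for each keyword.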
