Creating a key to have access to your server through ssh is the safest way to get access to your server.
In your client machine just type:
ssh-keygen -t rsa -C "[email protected]"
It is going to ask you the location, just hit “Enter”, and if you want a password just type, confirm, and the key is created.
To transfer your key to the server issue the command:
ssh-copy-id [email protected]
Confirm the password that you used to type to log in to your server.
The public key can be manually installed by appending the id_rsa.pub into the authorized_keys.
cat ~/.ssh/id_rsa.pub >> ~/.ssh/authorized_keys
Done! Now just try to connect again.
If you did everything correctly you are already logged in.
It is always a good idea to have another account set just in case you type something wrong and lock yourself out. If this is the case, log in with the second account, switch to your user, or root, and delete the files inside the folder ~/.ssh/.
As a good practice, always protect your SSH as much as you can. See the recommendations below:
sudo nano /etc/ssh/sshd_config
Configuration parameters you should pay attention to:
AllowUsers user PermitRootLogin no PubkeyAuthentication yes PasswordAuthentication no PermitEmptyPasswords no
Replace “user” with your own user id. Restart your server:
sudo systemctl restart sshd.service
If you need to hop on a server that is the entry point of a network to reach one internal server use the ProxyJump functionality:
Or create a configuration to automate this process:
With the following configuration customized accordingly:
Host external HostName 18.104.22.168 User user1 Host internal HostName 10.0.0.1 User user2 ProxyJump external
Many other parameters can be configured in this file:
Host serverA HostName 192.168.0.1 User user3 Port 2222 Protocol 2 IdentityFile ~/.ssh/serverA.key LogLevel INFO Compression yes ServerAliveInterval 60 ServerAliveCountMax 30 ForwardAgent no ForwardX11 no ForwardX11Trusted yes ProxyJump [email protected]:22,[email protected]:2222 Host * !192.168.0.1 User ubuntu
Or to bypass any pre-configuration and only give the arguments of the command:
ssh -F /dev/null [email protected]
Discover new functionalities over SSH on the post Reverse Shell with AutoSSH [Link]