
Changing SSH keygen and SSH port perfectly without mistake

Now I am going to discuss how to change the SSH key and port of your remote server.

This is important because setting up an SSH key takes expertise and self-confidence, and it involves a lot of risk. If you do it wrongly, you may lose the connection to your remote server. Then the headache starts: contacting the hosting service provider or, if you have an Amazon cloud server, losing all your data. Don't be afraid, though, as I am now going to go through the step-by-step process of changing your key.

Changing SSH Key:-

  • ssh to your server using good old user name and password
  • do check permissions on your ~/.ssh folder and make sure it is set to 700 or else execute

chmod 700 ~/.ssh

  • do check permissions on your ~/.ssh/authorized_keys file and make sure it is set to 600 or else execute

chmod 600 ~/.ssh/authorized_keys

  • generate the keys on the server with something like

ssh-keygen -t dsa

(or rsa – read the man pages if you don’t know how to use ssh-keygen)

  • accept the file names it wants to use and give the correct path, but make sure you type the correct absolute path (/root/.ssh, not .ssh)
  • enter a strong passphrase, or no passphrase
  • add the pub key to the authorized_keys file with something like

cat ~/.ssh/id_dsa.pub >> ~/.ssh/authorized_keys

  • copy the private key (id_dsa) to your local Windows machine (use WinSCP, sftp or some such tool)
  • NOW open puttygen.exe
  • under actions select “load” and load the id_dsa file
  • enter the passphrase you set when you generated the key on the server. PuTTYgen will now convert the key to something that PuTTY will understand
  • save that file as something like

privatekey.ppk

  • NOW change your PuTTY settings under “connection > SSH > auth” to use

privatekey.ppk

  • NOW try to connect
  • enter the passphrase when prompted
  • Hurray! You’re now connected to the server

Changing SSH server port:-

If you don’t change your production server’s SSH port, you will find a lot of illegal logins to your server. This can expose your server to high security risk. So you need to change the server SSH key before putting your server online. To change the port, please follow the steps below.


1. From your terminal session, edit /etc/ssh/sshd_config

            bash-2.05b# vi /etc/ssh/sshd_config

2. Look for the following line:

              #Port 22

3. Change the line so it looks like this:

                Port 2995

4. Save and close the file

5. Load the new configuration by using the RedHat service command

         service sshd reload

Note: you will immediately lose connectivity to your server on the open SSH session you are currently running, as the port gets changed.

6. Test the connection

              (comp@kirti)(~/Desktop) $ ssh username@myhostnaname.com -p 2995

Take note of the -p 2995 flag used when connecting to the server. If you are using OS X or a Linux desktop system like Mandriva or Ubuntu, you’ll need to specify the port number when connecting. If you’re using PuTTY on Windows, you can specify the port number in the profile for your connection and then re-save the profile using the new port.

7. If you have enabled the SSH service at startup, then please check this as well.

vi /etc/xinetd.d/sshd

              service ssh
              {
                  disable      = no
                  socket_type  = stream
                  type         = UNLISTED
                  port         = 22
                  protocol     = tcp
                  wait         = no
                  user         = root
                  server       = /usr/sbin/sshd
                  server_args  = -i
              }

Change “port = 22” to the new port 2295 and restart. Now you are safe from hackers who use port 22 to gain illegal entry to your server.
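A pre-flight check for the steps above, as an added example that is not part of the original post: it verifies the 700/600 permissions from the key section and confirms that the port in sshd_config agrees with the one in the xinetd file from step 7, so a mismatch is caught before you reload and drop your session. The function names and the sample files written to a temp directory are constructed for illustration, and GNU stat (Linux) is assumed.

```shell
#!/usr/bin/env bash
# Added example, not from the original post. Assumes GNU stat (Linux).

# Ports sshd will listen on: every uncommented "Port N" line, or 22 if none.
sshd_ports() {
  awk 'tolower($1) == "port" { print $2; n++ } END { if (!n) print 22 }' "$1"
}

# Port from an xinetd service file such as /etc/xinetd.d/sshd ("port = N").
xinetd_port() {
  awk -F= '$1 ~ /^[ \t]*port[ \t]*$/ { gsub(/[ \t]/, "", $2); print $2; exit }' "$1"
}

# True when PATH exists and has exactly the octal mode WANT.
mode_is() { [ "$(stat -c %a "$1" 2>/dev/null)" = "$2" ]; }

# audit_ssh SSH_DIR SSHD_CONFIG [XINETD_FILE]: prints findings, returns 1 on any.
audit_ssh() {
  local dir=$1 conf=$2 xin=${3:-} rc=0 ports xport
  mode_is "$dir" 700 || { echo "FAIL: $dir must be mode 700"; rc=1; }
  mode_is "$dir/authorized_keys" 600 ||
    { echo "FAIL: $dir/authorized_keys must be mode 600"; rc=1; }
  ports=$(sshd_ports "$conf")
  echo "sshd_config port(s): $(echo $ports)"
  if [ -n "$xin" ] && [ -f "$xin" ]; then
    xport=$(xinetd_port "$xin")
    echo "$ports" | grep -qxF -- "$xport" ||
      { echo "FAIL: xinetd port '$xport' differs from sshd_config"; rc=1; }
  fi
  return $rc
}

# Constructed sample files: port edited in sshd_config, xinetd entry still at 22.
demo=$(mktemp -d)
trap 'rm -rf "$demo"' EXIT
mkdir -m 700 "$demo/.ssh"
( umask 022; : > "$demo/.ssh/authorized_keys" )   # created as 644, too open
printf '#Port 22\nPort 2995\n' > "$demo/sshd_config"
printf 'service ssh\n{\n  disable = no\n  port = 22\n  server_args = -i\n}\n' \
  > "$demo/xinetd_sshd"
audit_ssh "$demo/.ssh" "$demo/sshd_config" "$demo/xinetd_sshd" || true
```

On a real server, point it at ~/.ssh, /etc/ssh/sshd_config and /etc/xinetd.d/sshd, and keep your current session open until a second connection on the new port succeeds.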
