Future-proof your skills with Linux, Python, vim & git as I share with you the most timeless and love-worthy tools in tech through my two great projects that work great together.

Removing Password Authentication from SSH Services

I created a new Linux container with OpenSSH service and disabled the ability to challenge passwords, then moved keys over to eliminate passwords. I also set up a shared folder with three sub-folders, changed permissions on the keys, and restarted the SSH service. Read my blog post to learn how I did it.

Securely Eliminating Passwords with OpenSSH and Linux Containers

By Michael Levin

Monday, July 25, 2022

  1. Get a new LXD container that doesn’t trigger the warning.
    • Don’t forget to use NAT networking mode.
    • Add port 2222 to port 22 NAT map.
  2. Login locally to give ubuntu user a password and add openssh-server service.
  3. Ensure that you can login using the ssh program (re-figure-out IP?)
  4. Get rid of the password challenge.
  5. Move keys over to get rid of passwords.
  6. Get keys in place to git clone from github without challenge.

Eliminating Password From OpenSSH on NAS Linux Container

Create new keys? They’re auto-generated in /etc/ssh/ but just in case:

ssh-keygen -t rsa -C "email@address.com"

Do we need to turn off the ability to challenge passwords? I so:

What I’m sure I do need is a list of authorized keys. If only one then it’s the same as the actual public key being used. One public key, one line.

Much of this video went into creating the ~/data shared folder. Now all locations have the same 3 folders:

That’s a good setup for the videos to come!

systemd-way to restart a service:

sudo systemctl restart ssh

It wasn’t even necessary. But it was very necessary to chmod the files correctly:

sudo chmod 600 id_rsa

And so on.