Question: How do you generate public and private keys to log into the server using SSH? I am getting a "Server refused our key" error when attempting to log in with PuTTY.
Answer: Follow the steps below in order to resolve this issue.
1. Generate your public and private keys using PuTTYgen
2. Export the public key to the server
3. Create ~/.ssh directory
4. Give it permission of 700
5. Inside the .ssh folder, create authorized_keys file
6. Give it permission of 600
7. [Important] Run sudo nano authorized_keys and type:
ssh-rsa PASTEYOURpublicKeyInHere rsa-key-SomeNumbers
Remember that it must all be on one line; if the public key is split across multiple lines, it won't work.
8. Restart the ssh service with "sudo service ssh restart"
9. Try to log in the Server using your private key.
[Important]: Allow only known IP addresses to access the server; otherwise you will have uninvited guests trying to brute-force their way into the server. You can do this by allowing only your IP range through the firewall.
[Important]: Edit the /etc/hosts.allow file and add the IP addresses you expect to access the server, like so:
sshd : YourIPAddress
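Step 7's one-line requirement is a frequent cause of "Server refused our key": PuTTYgen's "Save public key" button writes a multi-line block rather than the single line authorized_keys expects. The added example below (not part of the original answer) goes beyond the steps above by joining such a block into one line and checking a line for truncation; the function names and the sample key (constructed, not a usable key) are assumptions, and header continuation lines and authorized_keys options are not handled.

```python
import base64, textwrap

def ssh_string(data):  # length-prefixed field, as used inside a key blob
    return len(data).to_bytes(4, "big") + data

# Constructed sample: shaped like an ssh-rsa blob, not a usable key.
BLOB = ssh_string(b"ssh-rsa") + ssh_string(b"\x01\x00\x01") + ssh_string(bytes(range(65)))
SAMPLE_EXPORT = "\n".join(
    ["---- BEGIN SSH2 PUBLIC KEY ----", 'Comment: "rsa-key-20240101"',
     *textwrap.wrap(base64.b64encode(BLOB).decode(), 64), "---- END SSH2 PUBLIC KEY ----"])

def blob_fields(b64):
    """Split a base64 key blob into fields; ValueError if damaged."""
    blob = base64.b64decode(b64, validate=True)  # binascii.Error is a ValueError
    fields, pos = [], 0
    while pos < len(blob):
        end = pos + 4 + int.from_bytes(blob[pos:pos + 4], "big")
        if end > len(blob):
            raise ValueError("key blob is truncated")
        fields.append(blob[pos + 4:end])
        pos = end
    if not fields:
        raise ValueError("no key data found")
    return fields

def rfc4716_to_openssh(text):
    """Join a multi-line export into one '<type> <base64> <comment>' line."""
    comment, b64 = "", ""
    for line in (raw.strip() for raw in text.splitlines()):
        if not line or line.startswith("----"):
            continue  # blank line or BEGIN/END marker
        if line.lower().startswith("comment:"):
            comment = line.split(":", 1)[1].strip().strip('"')
        elif ":" not in line:  # other headers contain ':'; base64 never does
            b64 += line
    key_type = blob_fields(b64)[0].decode("ascii")
    return f"{key_type} {b64} {comment}".strip()

def check_line(line):
    """Return the problems found in one authorized_keys line (no options)."""
    parts = line.split()
    if len(parts) < 2:
        return ["expected '<type> <base64> [comment]' on a single line"]
    try:
        fields = blob_fields(parts[1])
    except ValueError as exc:
        return [str(exc)]
    if fields[0] != parts[0].encode():
        return ["key type does not match the key data"]
    return []
```

On the server, `ssh-keygen -i -f exported.pub` performs the same conversion; alternatively, copy the text from PuTTYgen's "Public key for pasting into OpenSSH authorized_keys file" box, which is already a single line.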
How to Restrict an SFTP User to only access certain folders
1. Create a folder by using a chroot command (When you use a chroot command to create a folder, you are telling the System to make that folder a shallow System folder that can act as a root starting point)
2. The folder that you will create using a chroot command will be owned by a root user and root group.
3. Jail the user to a folder; when they log in, they will not be able to do anything in other folders.
- Open the sshd_config file located at /etc/ssh/sshd_config and add the lines below:
Match User dav
    # Disables TCP port forwarding for this user
    AllowTcpForwarding no
    # Location of the authorized_keys file that holds this user's public keys
    AuthorizedKeysFile /LocationOftheFolder/.ssh/authorized_keys
[NB] In order to create different public keys for different users, generate private and public key and store public keys in the location specified in the
You can create those Match User or Match Group code blocks depending on the users who would be accessing the folders
4. Restart the ssh Service by this command:
sudo service ssh restart