DEV Community

Cover image for Set up SSH Key Authentication
Teniola
Teniola

Posted on

2

Set up SSH Key Authentication

Continuing on my DevOps journey, I dove deeper into practical tasks that strengthened my skills in Linux server management, security, and automation. I set up SSH key authentication, secured Nginx with SSL/TLS, and implemented best practices for web server security. Exploring load balancing, I configured Nginx to distribute traffic for high availability. Documenting these steps keeps my journey purposeful and impactful.

Generate an SSH key pair on your local machine:

ssh-keygen -t rsa -b 4096 -C "test2@gmail.com"
Enter fullscreen mode Exit fullscreen mode

Copy the public key to the remote server:

ssh-copy-id user@remote_server_ip
Enter fullscreen mode Exit fullscreen mode

Test the connection:

ssh user@remote_server_ip
Enter fullscreen mode Exit fullscreen mode

Confirm no password is requested.
Disable Password Authentication for SSH:

Open the SSH configuration file on the remote server:

sudo nano /etc/ssh/sshd_config
Enter fullscreen mode Exit fullscreen mode

Modify or add the following lines:
yaml

PasswordAuthentication no
PubkeyAuthentication yes
Enter fullscreen mode Exit fullscreen mode

Restart the SSH service:

sudo systemctl restart sshd
Enter fullscreen mode Exit fullscreen mode

Web Server Security
Enhance Nginx Security with SSL/TLS:

Install Certbot and request a free SSL certificate:

sudo apt install certbot python3-certbot-nginx
sudo certbot --nginx -d yourdomain.com -d www.yourdomain.com
Enter fullscreen mode Exit fullscreen mode

Verify SSL is working:

https://yourdomain.com
Enter fullscreen mode Exit fullscreen mode

Implement Security Best Practices:

Update Nginx:

sudo apt update && sudo apt upgrade
Enter fullscreen mode Exit fullscreen mode

Set up HTTP to HTTPS redirection:
nginx

server {
    listen 80;
    server_name yourdomain.com www.yourdomain.com;
    return 301 https://$host$request_uri;
}
Enter fullscreen mode Exit fullscreen mode

Limit buffer size and request rate:
nginx

client_max_body_size 10M;
limit_req_zone $binary_remote_addr zone=mylimit:10m rate=5r/s;
Enter fullscreen mode Exit fullscreen mode

Load Balancing
Basic Load-Balancing Concepts:

Distribute incoming traffic across multiple servers.
Ensure high availability and fault tolerance.
Set Up Nginx as a Simple Load Balancer:

Edit the Nginx configuration file:
nginx

upstream backend {
    server backend1.example.com;
    server backend2.example.com;
}
server {
    listen 80;
    server_name yourdomain.com;
    location / {
        proxy_pass http://backend;
    }
}
Enter fullscreen mode Exit fullscreen mode

Test the configuration:

sudo nginx -t
sudo systemctl reload nginx
Enter fullscreen mode Exit fullscreen mode

Heroku

Build apps, not infrastructure.

Dealing with servers, hardware, and infrastructure can take up your valuable time. Discover the benefits of Heroku, the PaaS of choice for developers since 2007.

Visit Site

Top comments (0)

A Workflow Copilot. Tailored to You.

Pieces.app image

Our desktop app, with its intelligent copilot, streamlines coding by generating snippets, extracting code from screenshots, and accelerating problem-solving.

Read the docs

👋 Kindness is contagious

Please leave a ❤️ or a friendly comment on this post if you found it helpful!

Okay