DEV Community

Cover image for Set up SSH Key Authentication
Teniola
Teniola

Posted on

2

Set up SSH Key Authentication

Continuing on my DevOps journey, I dove deeper into practical tasks that strengthened my skills in Linux server management, security, and automation. I set up SSH key authentication, secured Nginx with SSL/TLS, and implemented best practices for web server security. Exploring load balancing, I configured Nginx to distribute traffic for high availability. Documenting these steps keeps my journey purposeful and impactful.

Generate an SSH key pair on your local machine:

ssh-keygen -t rsa -b 4096 -C "test2@gmail.com"
Enter fullscreen mode Exit fullscreen mode

Copy the public key to the remote server:

ssh-copy-id user@remote_server_ip
Enter fullscreen mode Exit fullscreen mode

Test the connection:

ssh user@remote_server_ip
Enter fullscreen mode Exit fullscreen mode

Confirm no password is requested.
Disable Password Authentication for SSH:

Open the SSH configuration file on the remote server:

sudo nano /etc/ssh/sshd_config
Enter fullscreen mode Exit fullscreen mode

Modify or add the following lines:
yaml

PasswordAuthentication no
PubkeyAuthentication yes
Enter fullscreen mode Exit fullscreen mode

Restart the SSH service:

sudo systemctl restart sshd
Enter fullscreen mode Exit fullscreen mode

Web Server Security
Enhance Nginx Security with SSL/TLS:

Install Certbot and request a free SSL certificate:

sudo apt install certbot python3-certbot-nginx
sudo certbot --nginx -d yourdomain.com -d www.yourdomain.com
Enter fullscreen mode Exit fullscreen mode

Verify SSL is working:

https://yourdomain.com
Enter fullscreen mode Exit fullscreen mode

Implement Security Best Practices:

Update Nginx:

sudo apt update && sudo apt upgrade
Enter fullscreen mode Exit fullscreen mode

Set up HTTP to HTTPS redirection:
nginx

server {
    listen 80;
    server_name yourdomain.com www.yourdomain.com;
    return 301 https://$host$request_uri;
}
Enter fullscreen mode Exit fullscreen mode

Limit buffer size and request rate:
nginx

client_max_body_size 10M;
limit_req_zone $binary_remote_addr zone=mylimit:10m rate=5r/s;
Enter fullscreen mode Exit fullscreen mode

Load Balancing
Basic Load-Balancing Concepts:

Distribute incoming traffic across multiple servers.
Ensure high availability and fault tolerance.
Set Up Nginx as a Simple Load Balancer:

Edit the Nginx configuration file:
nginx

upstream backend {
    server backend1.example.com;
    server backend2.example.com;
}
server {
    listen 80;
    server_name yourdomain.com;
    location / {
        proxy_pass http://backend;
    }
}
Enter fullscreen mode Exit fullscreen mode

Test the configuration:

sudo nginx -t
sudo systemctl reload nginx
Enter fullscreen mode Exit fullscreen mode

Image of Timescale

🚀 pgai Vectorizer: SQLAlchemy and LiteLLM Make Vector Search Simple

We built pgai Vectorizer to simplify embedding management for AI applications—without needing a separate database or complex infrastructure. Since launch, developers have created over 3,000 vectorizers on Timescale Cloud, with many more self-hosted.

Read more

Top comments (0)

Image of Docusign

🛠️ Bring your solution into Docusign. Reach over 1.6M customers.

Docusign is now extensible. Overcome challenges with disconnected products and inaccessible data by bringing your solutions into Docusign and publishing to 1.6M customers in the App Center.

Learn more

đź‘‹ Kindness is contagious

Please leave a ❤️ or a friendly comment on this post if you found it helpful!

Okay