• Home
  • Archive
  • Tools
  • Contact Us

The Customize Windows

Technology Journal

  • Cloud Computing
  • Computer
  • Digital Photography
  • Windows 7
  • Archive
  • Cloud Computing
  • Virtualization
  • Computer and Internet
  • Digital Photography
  • Android
  • Sysadmin
  • Electronics
  • Big Data
  • Virtualization
  • Downloads
  • Web Development
  • Apple
  • Android
Advertisement
You are here:Home » How to Enable PEM Certificate Based SSH Login

By Abhishek Ghosh April 19, 2023 8:22 am Updated on April 19, 2023

How to Enable PEM Certificate Based SSH Login

Advertisement

After following this guide, you’ll get an identity file-based SSH authentication like AWS, HP cloud provides a way to log in. Commonly most of the cloud servers and dedicated servers are delivered with SSH login using the root user account. This is a security risk since any attacker can easily guess the username root and run a dictionary-based attack. The attackers can log in using the root account using different types of methods.

So, it is important to perform a few steps so that we can log in to a non-root user account belonging to the sudoers group using a certificate-based identification system. After a successful login, we can run the sudo su command to gain the root privilege. Usually, we can always log in to the server from the web host’s API-based web terminal. Still, it is mandatory to make sure that we do not loss the root privilege of the server.

 

Create a non-root User and Disable SSH Login of the root User

 

SSH as root user and add a new user with the command:

Advertisement

---

Vim
1
adduser example-name

example-name is an example. You can replace newuser with any username you wish. It can be harry, joe, krishna etc. The adduser command creates a new user, plus a group and home directory for that user.

You may get an error message that you have insufficient privileges. (This typically only happens for non-root users.) The system will add the new user; then prompt you to enter a password. Enter a secure password, then retype it to confirm. You can SSH to the server with this username and password but you’ll not gain the root privilege. For that reason, we have to add the new user to the sudoers group:

Vim
1
usermod -aG sudo example-name

Now, open a new terminal window and try to SSH with this username. After login, type sudo su and check whether you can run commands just like the root user. If you can, then move to the next step. Open the SSH configuration file while logged in as this user. Do not keep any SSH session open from the root user account:

Vim
1
nano /etc/ssh/sshd_config

Find the line PermitRootLogin and set it to no:

Vim
1
2
3
...
PermitRootLogin no
...

restart the service:

Vim
1
service sshd restart

Now, you’ll unable to SSH as the root user. This is secure but we will make the system more secure.

 

Setup SSH Login with pem file Without Password

 

Login as this newly created user and run sudo su to gain root privilege. Run these commands:

Vim
1
2
3
mkdir -p ~/.ssh/pem
cd ~/.ssh/pem
ssh-keygen -b 2048 -f identity -t rsa

Hit the Enter key to leave passphare empty. It will generate 2 files in pem dir (identity and identity.pub). Copy public key contents to authorized_keys:

Vim
1
cat identity.pub >> ~/.ssh/authorized_keys

Run a cat command on authorized_keys to verify the content. Now run cat on the private key:

Vim
1
cat ~/.ssh/pem/identity

This is the file you’ll use to SSH to the server. Highlight the content using your mouse and copy it. Paste it on your local computer’s new text file (save it as name.pem, the name can be anything you want). Save a copy on your GitHub private gist, Dropbox Cloud etc as a backup. Set permission for pem on your local copy:

Vim
1
sudo chmod 600 name.pem

First test whether you can SSH with this key to log in:

Vim
1
ssh -i name.pem example-name@server-ip

If you can, then disable the password-based authentication:

Vim
1
nano /etc/ssh/sshd_config

Update PasswordAuthentication from “yes” to “no” as below:

Vim
1
2
3
4
...
# Change to no to disable tunnelled clear text passwords
PasswordAuthentication no
...

Restart SSH server:

Vim
1
sudo service ssh restart

This will make your server first require the PEM file to log in as your newly created user-name, then you need to type the password after typing sudo su to gain the root privilege. This is a quite secure system for SSH login and is highly recommended by security experts.

In case you need to demonstrate SSH commands, never reveal the username to an untrusted audience. Run sudo su to gain the root privilege and demonstrate. You can always run the whoami command to check what is your username. Later, you can run the last command to quickly check the SSH login history.

If you run this command:

Vim
1
grep "Failed password" /var/log/auth.log

You’ll realize the bulk of brute force attack every day takes place by automated systems. People who write these brute force scripts are quite clever, check the tried user names:

How to Enable PEM Certificate Based SSH Login
Facebook Twitter Pinterest

Abhishek Ghosh

About Abhishek Ghosh

Abhishek Ghosh is a Businessman, Surgeon, Author and Blogger. You can keep touch with him on Twitter - @AbhishekCTRL.

Here’s what we’ve got for you which might like :

Articles Related to How to Enable PEM Certificate Based SSH Login

  • Join/Merge Multiple Log Files For Big Data Analysis

    Here Are The Ways To Join/Merge Multiple Log Files For Big Data Analysis, Store Them To OpenStack Based Cloud Storage And Delete Old Files.

  • Command Prompt Commands : Alphabetical list of all commands in Windows 7

    Command Prompt Commands in Windows 7 provides the user access to 180+ command line commands. Here is a list of 200 Command Prompt Commands in Windows 7.

  • Fix : pam_unix(sushi:auth): authentication failure SSH Flood

    If You Are Under Brute Force Attack. Here is How to Quickly Fix pam_unix(sushi:auth): authentication failure SSH Flood to Terminate Attack.

  • Nginx WordPress Installation Guide (All Steps)

    This is a Full Nginx WordPress Installation Guide With All the Steps, Including Some Optimization and Setup Which is Compatible With WordPress DOT ORG Example Settings For Nginx.

performing a search on this website can help you. Also, we have YouTube Videos.

Take The Conversation Further ...

We'd love to know your thoughts on this article.
Meet the Author over on Twitter to join the conversation right now!

If you want to Advertise on our Article or want a Sponsored Article, you are invited to Contact us.

Contact Us

Subscribe To Our Free Newsletter

Get new posts by email:

Please Confirm the Subscription When Approval Email Will Arrive in Your Email Inbox as Second Step.

Popular Articles

Our Homepage is best place to find popular articles!

Here Are Some Good to Read Articles :

  • Cloud Computing Service Models
  • What is Cloud Computing?
  • Cloud Computing and Social Networks in Mobile Space
  • ARM Processor Architecture
  • What Camera Mode to Choose
  • Indispensable MySQL queries for custom fields in WordPress
  • Windows 7 Speech Recognition Scripting Related Tutorials

Social Networks

  • Pinterest (24.3K Followers)
  • Twitter (5.8k Followers)
  • Facebook (5.7k Followers)
  • LinkedIn (3.7k Followers)
  • YouTube (1.3k Followers)
  • GitHub (Repository)
  • GitHub (Gists)
Looking to publish sponsored article on our website?

Contact us

Recent Posts

  • What is Desktop Publishing (DTP)?June 3, 2023
  • Dynamic WebP Image Delivery in WordPress with Bunny CDNJune 3, 2023
  • Advantages and Disadvantages of Ubuntu Server DistributionJune 2, 2023
  • Typography on the WebJune 2, 2023
  • How to Use JuliaMono Font in Urvanov/Crayon Syntax HighlighterJune 1, 2023
PC users can consult Corrine Chorney for Security.

Want to know more about us?

Read Notability and Mentions & Our Setup.

Copyright © 2023 - The Customize Windows | dESIGNed by The Customize Windows

Copyright  · Privacy Policy  · Advertising Policy  · Terms of Service  · Refund Policy

We use cookies on our website to give you the most relevant experience by remembering your preferences and repeat visits. By clicking “Accept”, you consent to the use of ALL the cookies.
Do not sell my personal information.
Cookie SettingsAccept
Manage consent

Privacy Overview

This website uses cookies to improve your experience while you navigate through the website. Out of these, the cookies that are categorized as necessary are stored on your browser as they are essential for the working of basic functionalities of the website. We also use third-party cookies that help us analyze and understand how you use this website. These cookies will be stored in your browser only with your consent. You also have the option to opt-out of these cookies. But opting out of some of these cookies may affect your browsing experience.
Necessary
Always Enabled
Necessary cookies are absolutely essential for the website to function properly. These cookies ensure basic functionalities and security features of the website, anonymously.
CookieDurationDescription
cookielawinfo-checkbox-analytics11 monthsThis cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".
cookielawinfo-checkbox-functional11 monthsThe cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
cookielawinfo-checkbox-necessary11 monthsThis cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-others11 monthsThis cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other.
cookielawinfo-checkbox-performance11 monthsThis cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance".
viewed_cookie_policy11 monthsThe cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.
Functional
Functional cookies help to perform certain functionalities like sharing the content of the website on social media platforms, collect feedbacks, and other third-party features.
Performance
Performance cookies are used to understand and analyze the key performance indexes of the website which helps in delivering a better user experience for the visitors.
Analytics
Analytical cookies are used to understand how visitors interact with the website. These cookies help provide information on metrics the number of visitors, bounce rate, traffic source, etc.
Advertisement
Advertisement cookies are used to provide visitors with relevant ads and marketing campaigns. These cookies track visitors across websites and collect information to provide customized ads.
Others
Other uncategorized cookies are those that are being analyzed and have not been classified into a category as yet.
SAVE & ACCEPT