Setting Up A Linux VPS Securely (Pt.2) by krnel

Welcome back to the second part of securing your Linux Server. 

I won't talk about becoming a witness, or what a witness is, until I actually get to that part of the setup myself. This is about securing a server first. Sorry for mentioning the journey to becoming a witness too early, in the first post. So, I'm not becoming a witness yet. I'll mention it again when I actually get there ;)

As mentioned in [Part 1](https://steemit.com/witness-category/@krnel/setting-up-a-linux-vps-securely-pt-1-join-me-on-my-journey-to-become-a-witness), this part will deal with SSH keys to make your server even more secure.

### Let's get it on!

---
# Public and Private Keys for SSH

Since we are on Windows again, grab the [PuttyGen.exe](https://the.earth.li/~sgtatham/putty/latest/x86/puttygen.exe) software. Click on that link and it will download. Open the program; nothing needs to be installed.

<center><img src="http://www.steemimg.com/images/2016/11/26/generate-keyed3d7.png" alt="generate-keyed3d7.png" border="0"></center>

Click on ```Generate```, and move your mouse around the blank area under the status/progress bar. You will see the bar fill up as you move your mouse around. Keep going until the key is generated.

After that, you will get your keys. Copy the "Public key for pasting" text into a file and call it pub_key.txt. Next, enter a "Key passphrase" if you want some extra security: the passphrase encrypts the private key file, so a copy of that file cannot be used without it. If you're the only one connecting to your server, it's not that big of a deal. Then click "Save public key" and call it "pub_key". Then click "Save private key" and save it as "private.ppk".

<center><img src="http://www.steemimg.com/images/2016/11/26/generate-save724f2.png" alt="generate-save724f2.png" border="0"></center>

So if you saved them like I named them, you will have three files:

> pub_key.txt
> pub_key
> private.ppk

---
# Install public key on server

Now that the keys have been generated on your local computer, it's time to upload the public key to the server so you can connect with it.

Open putty, load the profile, and open the connection. Enter your user password and log in. Remember, we're no longer logging in as root.

Run the following commands:

1. ```mkdir ~/.ssh```
Make a hidden user directory

2. ```chmod 700 ~/.ssh```
Modify the folder access

3. ```cd ~/.ssh```
Go into the folder

4. ```nano authorized_keys```
Create a file for the key; it has to have this name

5. Open "pub_key.txt" from before and copy its contents. Then paste those contents into the putty window that has the file "authorized_keys" open. Save and close the file: ctrl+o to save, or just ctrl+x and confirm saving the file before exiting.

6. ```chmod 600 authorized_keys```
Set file access on the public key file so no other users can access it, except for root

<center><img src="http://www.steemimg.com/images/2016/11/26/ssh-dir962eb.png" alt="ssh-dir962eb.png" border="0"></center>
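
A check for the result of steps 1 to 6, as an added example that is not part of the original post: it verifies the 700/600 modes and that `authorized_keys` holds one-line OpenSSH keys rather than the multi-line file written by PuTTYgen's "Save public key". The function name `check_key_setup` is made up for this example, the demo data is constructed, and GNU `stat` is assumed.

```shell
#!/bin/sh
# Added example (not from the original post). Assumes GNU stat (Linux).

# check_key_setup DIR: verify DIR (normally ~/.ssh) after steps 1-6.
# Prints each problem found; returns 0 only if there are none.
check_key_setup() {
    dir=$1; file=$dir/authorized_keys; bad=0
    [ -d "$dir" ]  || { echo "missing directory $dir"; return 1; }
    [ -f "$file" ] || { echo "missing file $file"; return 1; }

    # The guide sets 700 on the directory and 600 on the file.
    m=$(stat -c %a "$dir")
    [ "$m" = 700 ] || { echo "$dir is mode $m, expected 700"; bad=1; }
    m=$(stat -c %a "$file")
    [ "$m" = 600 ] || { echo "$file is mode $m, expected 600"; bad=1; }

    # Every key must be a single line: [options] key-type base64 [comment].
    # Only the common key types are listed here.
    key_re='(^| )(ssh-(rsa|dss|ed25519)|ecdsa-sha2-nistp(256|384|521)) [A-Za-z0-9+/]+=*( |$)'
    n=0
    while IFS= read -r line || [ -n "$line" ]; do
        n=$((n + 1))
        case $line in
            ''|'#'*) continue ;;                      # blank line or comment
            '---- BEGIN SSH2 PUBLIC KEY ----'*)
                echo "line $n: this is the 'Save public key' file; paste the 'Public key for pasting' text instead"
                bad=1; break ;;
        esac
        printf '%s\n' "$line" | grep -Eq "$key_re" ||
            { echo "line $n: not a one-line OpenSSH key (wrapped paste?)"; bad=1; }
    done < "$file"
    return $bad
}

# Constructed demo: the wrong file pasted, with permissions that are too open.
demo=$(mktemp -d)
printf '%s\n' '---- BEGIN SSH2 PUBLIC KEY ----' 'AAAAB3NzaC1yc2EAAAABJQAAAQEA' \
    '---- END SSH2 PUBLIC KEY ----' > "$demo/authorized_keys"
chmod 755 "$demo"; chmod 644 "$demo/authorized_keys"
check_key_setup "$demo" || echo "fix these before disabling password logins"
rm -rf "$demo"
```

On the server, run it as `check_key_setup ~/.ssh` while logged in as the user who will connect with the key.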

---
# Disable password logins

Open the sshd_config file:

```sudo nano /etc/ssh/sshd_config```

Scroll down with the arrow key, or hit Page Down twice, to find ```PasswordAuthentication yes```

Change the "yes" to "no":

```PasswordAuthentication no```

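Then restart the service (keep your current session open until the key login in the next section has been tested, so that a mistake does not lock you out):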

```sudo service ssh restart```

<center><img src="http://www.steemimg.com/images/2016/11/27/ssh-password-yes4cfc3.png" alt="ssh-password-yes4cfc3.png" border="0"></center>

# Test SSH login with a key, instead of password

Open putty, and load your profile. Go to the left panel section, and go to the "Auth" section shown here:

<center><img src="http://www.steemimg.com/images/2016/11/26/putty-authfb735.png" alt="putty-authfb735.png" border="0"></center>

Next, click "Browse" to find the "private.ppk" file we saved earlier.

<center><img src="http://www.steemimg.com/images/2016/11/27/putty-private-leyd7a70.png" alt="putty-private-leyd7a70.png" border="0"></center>

The last thing to do is "Save" your profile in putty so that you don't need to do this again. Go to the top to "Session" and you can save again.

<center><img src="http://www.steemimg.com/images/2016/11/27/putty-savec88d4.png" alt="putty-savec88d4.png" border="0"></center>

And then just click "Open" to connect with your new SSH key.

If you are prompted to accept a key, click "Yes".

If you set a passphrase for your key earlier, then this is when you need to enter it. If you didn't set a passphrase, then you log in without using a password, and it's still more secure because it uses a private-public key pair.

<center><img src="http://www.steemimg.com/images/2016/11/27/rsa-prompt88d00.png" alt="rsa-prompt88d00.png" border="0"></center>

# Remove IPv6 listening

Since no one really uses IPv6 yet, disable this and make one less thing your system is checking for.

```AddressFamily inet``` needs to be added.

You can add this manually to the end of the sshd_config file with ```sudo nano /etc/ssh/sshd_config```.

Or just run:

```echo 'AddressFamily inet' | sudo tee -a /etc/ssh/sshd_config```

If you ever need IPv6 SSH back, remove that line.

Finish with a restart of SSH:

```sudo service ssh restart```
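
An added example (not from the original post) for the two `sshd_config` edits above, `PasswordAuthentication no` and the appended `AddressFamily inet`: sshd uses the first value it finds for a keyword, so a commented-out line changes nothing and a line appended after an earlier one is ignored. The helper names `effective_global` and `check_append` are made up here, and the sample config is constructed.

```shell
#!/bin/sh
# Added example (not from the original post). Run it against a copy of sshd_config.

# Print the value sshd would use for a global keyword: the first uncommented
# occurrence before any Match line (keywords are case-insensitive).
# Assumes "Keyword value" syntax and no Include files.
effective_global() {
    awk -v want="$1" '
        BEGIN { want = tolower(want) }
        { sub(/^[ \t]+/, "") }                  # strip leading whitespace
        /^#/ || /^$/ { next }                   # skip comments and blank lines
        tolower($1) == "match" { exit }         # global section ends here
        tolower($1) == want { print $2; found = 1; exit }
        END { if (!found) print "(default)" }
    ' "$2"
}

# Would `echo "KEYWORD VALUE" | sudo tee -a FILE` have the intended effect?
# Returns 0 = yes, 1 = an earlier line wins, 2 = line would land in a Match block.
check_append() {
    if grep -Eiq '^[[:space:]]*match[[:space:]]' "$3"; then
        echo "unsafe: appended '$1 $2' would fall inside a Match block"; return 2
    fi
    cur=$(effective_global "$1" "$3")
    case $cur in
        "(default)") echo "ok: no earlier $1 line, '$1 $2' takes effect" ;;
        "$2")        echo "ok: $1 is already $2" ;;
        *)           echo "ignored: earlier '$1 $cur' wins"; return 1 ;;
    esac
}

# Constructed sample config for the demo.
conf=$(mktemp)
cat > "$conf" <<'EOF'
Port 22
#PasswordAuthentication yes
PasswordAuthentication no
AddressFamily any
EOF
echo "PasswordAuthentication: $(effective_global PasswordAuthentication "$conf")"
check_append AddressFamily inet "$conf" || true
rm -f "$conf"
```

On the server itself, `sudo sshd -t` checks the file for errors before the restart, and `sudo sshd -T` prints the settings sshd resolved.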


---
# Done!

- [Setting Up A Linux VPS Securely (Pt.1)](https://steemit.com/witness-category/@krnel/setting-up-a-linux-vps-securely-pt-1-join-me-on-my-journey-to-become-a-witness)

---
#### Thank you for your time and attention! I appreciate the knowledge reaching more people. Take care. Peace.

---
@krnel
2016-11-28, 6:10am
@alexanderkroeger ·
Often I suspect this fetish of disabling IPv6 just hides the "we do not know how to secure IPv6". You give me inspiration to write a post like How to secure IPv6 in Linux....
@krnel · (edited)
Nice. I didn't know it was an issue. I thought it was disabled to make it one less thing to monitor for SSH.
@elmetro ·
Hi, I want to disable the password login but I have a message "No supported Authentication methods available (server sent: publickey)" when I test it. I don't know if it's important but when I opened the config file, the line "PasswordAuthentication yes" was in comment so I had "#PasswordAuthentication yes" and I changed to "PasswordAuthentication no".
Do you have an idea of my issue? Thanks
@nnnarvaez ·
Ok this is necro posting, but I do really suggest the clueless guys following this guide to first test they made the key thing work, then login and disable password logins...

I gave this guide to a windows noob and he locked himself out 3 times before getting it right lol.


# FIRST: Test SSH login with a key, instead of password

# THEN: Disable password logins

Just common sense... I never thought I will be writing this in a guide to setup a node for blockchain...
@screenname ·
Re: Setting Up A Linux VPS Securely (Pt.2)
<p>This post has been ranked within the top 80 most undervalued posts in the second half of Nov 28. We estimate that this post is undervalued by $7.57 as compared to a scenario in which every voter had an equal say.</p> 
<p>See the full rankings and details in <a href="https://steemit.com/curation/@screenname/the-daily-tribune-most-undervalued-posts-of-nov-28---part-ii">The Daily Tribune: Nov 28 - Part II</a>. You can also read about some of our methodology, data analysis and technical details in <a href="https://steemit.com/curation/@screenname/introducing-the-daily-tribune-most-undervalued-posts-of-nov-04---part-i">our initial post</a>.</p>
<p>If you are the author and would prefer not to receive these comments, simply reply "Stop" to this comment.</p>