Extended Security by disabling password authentication - BlueSkyTools/BlueSkyConnect GitHub Wiki

Enhance client security and BlueSkyConnect convenience by using key-based SSH. Further securing your clients by disabling password authentication to allow key-based SSH connections only.

To add your SSH-Key to the clients' known_hosts:

ssh-copy-id -f -I path/to/public-key remote-user@remote-IP-address for example: ssh-copy-id -f -i /Users/$User/.ssh/id_rsa.pub [email protected]

If you want to do this with a connection through BlueSkyConnect:

ssh-copy-id -o 'ProxyCommand ssh -p 3122 admin@blueSkyDomain /bin/nc %h %p' -f -i path/to/public-key -p 22BlueSkyID remote-user@localhost

for example:

ssh-copy-id -o 'ProxyCommand ssh -p 3122 [email protected] /bin/nc %h %p' -f -i .ssh/id_rsa.pub -p 22111 admin@localhost

After this command you need to enter the password for the remote user to store the key. After connecting successfully, you can disable password authentication with this command:

echo -e "\nPasswordAuthentication no\nChallengeResponseAuthentication no\nUsePAM no" | sudo tee -a /etc/ssh/sshd_config