Guide for Installing AdGuard Home on AlmaLinux 9
In this article, we'll guide you through the process of configuring your AlmaLinux 9 server for secure SSH login using key-pair authentication. This method offers improved security and convenience, making it ideal for servers in homes, offices, or any other environment.
**Step 1: Generate SSH Key Pair on Your Client Machine**
On your local computer, open a terminal and run the following command to create a 4096-bit RSA key pair:
```bash ssh-keygen -t rsa -b 4096 -C "[email protected]" ```
Press Enter to accept the default key save location (`~/.ssh/id_rsa`). Optionally, set a passphrase for added security or press Enter to skip.
**Step 2: Copy the Public Key to AlmaLinux Server**
Use `ssh-copy-id` to copy your public key to the server, replacing `username` and `server-ip`:
```bash ssh-copy-id username@server-ip ```
Alternatively, manually add the contents of your public key (`~/.ssh/id_rsa.pub`) to the server user’s `~/.ssh/authorized_keys` file with correct permissions (`700` for `.ssh` directory and `600` for `authorized_keys`).
**Step 3: Configure SSH Daemon on AlmaLinux**
Edit the SSH server configuration file:
```bash sudo nano /etc/ssh/sshd_config ```
Ensure or add the following lines to enable public key authentication and disable password authentication for stronger security:
``` PubkeyAuthentication yes PasswordAuthentication no ChallengeResponseAuthentication no UsePAM no ```
Consider these optional security enhancements:
``` MaxAuthTries 3 ClientAliveInterval 300 ClientAliveCountMax 1 PermitEmptyPasswords no Ciphers [email protected],[email protected],aes256-ctr,aes192-ctr,aes128-ctr ```
Save and exit.
**Step 4: Restart SSH Service to Apply Changes**
```bash sudo systemctl restart sshd ```
**Step 5: Test SSH Login**
Connect using your private key:
```bash ssh username@server-ip ```
You should log in without being prompted for the user password.
**Step 6: Set Correct Permissions on Private Key File**
On your client machine, ensure the private key file is only readable by you:
```bash chmod 400 ~/.ssh/id_rsa ```
With these steps, you've successfully configured your AlmaLinux 9 server for key-pair authentication, enhancing the security of your SSH login process.
In addition, if you wish to install AdGuard Home, a popular open-source DNS server software for ad blocking across a network, follow separate instructions to update system packages, download and install AdGuard packages from GitHub, open necessary firewall permissions, and install the Adguard application on the server.
In data-and-cloud-computing, the improved security and convenience offered by secure SSH login using key-pair authentication can be beneficial for a server running Alma Linux 9, as it allows network users to log in without being prompted for the user password, contributing to a more secure environment. Additionally, you may opt to use software such as AdGuard Home, a popular open-source DNS server, to filter data across your network, enhancing privacy and performance.
