MyBook Live - Harden SSH

To improve security, you can disable password authentication for SSH and use public key authentication instead. This is recommended if your MyBook Live's SSH port will be visible to the internet.

Overview

  • Create a new key pair on your MyBook Live (MBL).
  • Add the public key to the authorized_keys file on your MBL.
  • Download the private key to your local machine.
  • Confirm that you can successfully log in using the private key.
  • Disable password authentication on your MBL.

Prerequisites

You can successfully connect to your MBL via SSH.

Step-by-step

1. Connect to your MyBook Live using SSH and log in as root with your password.

2. Generate a key pair by running the command:

ssh-keygen

You can accept the default location by pressing enter.

3. ssh-keygen will generate a private key file and a public key file. Add the public key to your authorized_keys file with:

 cat /root/.ssh/id_rsa.pub >> ~/.ssh/authorized_keys

4. You now need to move the private key file to your local machine, e.g. by connecting via SFTP. Or you could move the key file to your public share with:

mv /root/.ssh/id_rsa /shares/Public/

Be sure to delete the private key from your Public share once you have copied it to your local machine.

5. You should now close your SSH session and try to reconnect using your private key. If you are using PuTTY you will need to follow these instructions to convert the private key into the format PuTTY understands.

6. Once you have established that you can log in successfully using public key authentication, it is safe to disable password authentication by adding the following line to your configuration file:

echo "PasswordAuthentication no" >> /etc/ssh/sshd_config
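Because sshd uses the first value it reads for each keyword, a line appended in step 6 has no effect when an active "PasswordAuthentication yes" appears earlier in the file. The script below is an added example, not part of the original page (its function names are hypothetical, and the sample config is constructed): it reports the effective global value and rewrites the file so that "no" is the value sshd reads.

```shell
#!/bin/sh
# Added example, not from the original page; function names are hypothetical.

# effective_password_auth FILE
# Prints the global PasswordAuthentication value sshd would use: the first
# active occurrence before any Match block, else the built-in default "yes".
effective_password_auth() {
    awk '
        { line = $0; sub(/^[ \t]+/, "", line) }
        line == "" || line ~ /^#/ { next }      # blank line or comment
        { split(line, f, /[ \t=]+/); kw = tolower(f[1]) }
        kw == "match" { exit }                  # global section ends here
        kw == "passwordauthentication" { val = tolower(f[2]); exit }
        END { print (val == "" ? "yes" : val) }
    ' "$1"
}

# disable_password_auth FILE
# Drops every active PasswordAuthentication line (Match blocks included) and
# writes one "PasswordAuthentication no" as the first line, where it wins.
# The previous file is kept as FILE.bak.
disable_password_auth() {
    cfg=$1
    tmp=$(mktemp) || return 1
    {
        echo "PasswordAuthentication no"
        awk '
            { line = $0; sub(/^[ \t]+/, "", line); split(line, f, /[ \t=]+/) }
            tolower(f[1]) == "passwordauthentication" { next }
            { print }
        ' "$cfg"
    } > "$tmp" || { rm -f "$tmp"; return 1; }
    cp "$cfg" "$cfg.bak" && cat "$tmp" > "$cfg"   # cat keeps owner and mode
    rc=$?
    rm -f "$tmp"
    return $rc
}

# Constructed sample config: appending "no" after the "yes" changes nothing.
sample=$(mktemp)
printf '%s\n' 'Port 22' 'PasswordAuthentication yes' > "$sample"
echo 'PasswordAuthentication no' >> "$sample"
echo "after append:  $(effective_password_auth "$sample")"
disable_password_auth "$sample"
echo "after rewrite: $(effective_password_auth "$sample")"
rm -f "$sample" "$sample.bak"
```

After changing the real /etc/ssh/sshd_config, run `sshd -t` to check the file for errors and restart the SSH service while your current session is still open, then confirm from a second session that key login works and password login is refused.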