Setting Up a Secure Remote Linux Server on AWS with Multiple SSH Keys

Step-by-Step Guide to Launching an EC2 Instance, Configuring SSH Access, and Enhancing Security with fail2ban

1. Set Up a Remote Linux Server on AWS

  1. Create an AWS Account: Sign up at AWS.

  2. Launch an EC2 Instance:

    • Go to the EC2 Dashboard and click "Launch Instances."

    • Choose an Amazon Machine Image (AMI), like Ubuntu Server or Amazon Linux.

    • Select an instance type, such as t2.micro for free-tier usage.

    • Set up network settings, making sure port 22 (SSH) is open in the security group. Where possible, restrict the rule's source to your own IP address rather than 0.0.0.0/0.

    • Launch the instance and create an initial SSH key pair to download for the first connection.

Flowchart showing steps to set up AWS EC2: launching an instance, configuring SSH access and adding keys, and enhancing security by installing fail2ban.

2. Create Two New SSH Key Pairs

  1. Generate Keys Locally: Run the following commands to create two separate key pairs:

     ssh-keygen -t rsa -b 4096 -f ~/.ssh/key1
     ssh-keygen -t rsa -b 4096 -f ~/.ssh/key2
    

    Replace key1 and key2 with the filenames you want to use.

  2. Add Public Keys to the Server:

    • Connect to the server using the initial SSH key:

        ssh -i <path-to-initial-private-key> ubuntu@<server-ip>
      
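    • Add the new public keys to the ~/.ssh/authorized_keys file on the server. The .pub files exist only on your local machine, so run these from a local terminal (not inside the SSH session):

        # Send each local public key over SSH and append it on the server
        ssh -i <path-to-initial-private-key> ubuntu@<server-ip> 'cat >> ~/.ssh/authorized_keys' < ~/.ssh/key1.pub
        ssh -i <path-to-initial-private-key> ubuntu@<server-ip> 'cat >> ~/.ssh/authorized_keys' < ~/.ssh/key2.pub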
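
An idempotent way to do the append in step 2, as an added example rather than code from the original guide. The helper name `add_authorized_key` is hypothetical, and it assumes the `.pub` file is already on the machine that holds `authorized_keys`; it skips keys that are already installed, refuses a private key passed by mistake, and sets the permissions sshd expects.

```bash
#!/usr/bin/env bash
# Added example: validated, idempotent replacement for `cat key.pub >> authorized_keys`.
# Assumption: the .pub file is already on the machine that holds authorized_keys.
add_authorized_key() {
    local pub="$1" auth="${2:-$HOME/.ssh/authorized_keys}"
    local ktype blob rest dir

    [ -r "$pub" ] || { echo "cannot read $pub" >&2; return 2; }
    # Refuse private keys: a common slip is passing key1 instead of key1.pub.
    if grep -q 'PRIVATE KEY' "$pub"; then
        echo "$pub looks like a private key; pass the .pub file" >&2
        return 3
    fi
    # A public key line is "<type> <base64-blob> [comment]".
    read -r ktype blob rest < "$pub" || true
    case "$ktype" in
        ssh-rsa|ssh-ed25519|ecdsa-sha2-*|sk-*) ;;
        *) echo "unrecognised key type in $pub" >&2; return 4 ;;
    esac
    [ -n "$blob" ] || { echo "no key data in $pub" >&2; return 4; }

    # sshd (StrictModes) rejects authorized_keys that others can write to.
    dir=$(dirname "$auth")
    mkdir -p "$dir" && chmod 700 "$dir"
    touch "$auth" && chmod 600 "$auth"

    # Match on the key blob so a different comment or options prefix
    # cannot hide a duplicate.
    if awk -v b="$blob" '$1 !~ /^#/ { for (i = 1; i <= NF; i++) if ($i == b) found = 1 }
                         END { exit !found }' "$auth"; then
        echo "already present: $pub"
        return 0
    fi
    # Ensure the file ends with a newline so two keys never share a line.
    if [ -s "$auth" ] && [ -n "$(tail -c 1 "$auth")" ]; then echo >> "$auth"; fi
    cat "$pub" >> "$auth"
    echo "added: $pub"
}
```

Call it as `add_authorized_key key1.pub`; running it again for the same key leaves the file unchanged.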
      

3. Test SSH Access with Both Keys

  1. Connect using the first key:

     ssh -i ~/.ssh/key1 ubuntu@<server-ip>
    
  2. Connect using the second key:

     ssh -i ~/.ssh/key2 ubuntu@<server-ip>
    

4. Configure ~/.ssh/config for Easier Access

  1. Edit the SSH config file:

     nano ~/.ssh/config
    
  2. Add entries for both keys:

     Host alias1
         HostName <server-ip>
         User ubuntu
         IdentityFile ~/.ssh/key1
    
     Host alias2
         HostName <server-ip>
         User ubuntu
         IdentityFile ~/.ssh/key2
    
  3. Save and test:

     ssh alias1
     ssh alias2
    

5. Stretch Goal: Install and set up fail2ban

  1. Install fail2ban:

     sudo apt update
     sudo apt install fail2ban
    
  2. Configure fail2ban:

    • Copy the default configuration:

        sudo cp /etc/fail2ban/jail.conf /etc/fail2ban/jail.local
      
    • Edit jail.local to enable the sshd jail and adjust the ban settings (bantime is in seconds, so the values below ban an address for 10 minutes after 5 failed attempts):

        [sshd]
        enabled = true
        port = ssh
        maxretry = 5
        bantime = 600
      
    • Restart fail2ban:

        sudo systemctl restart fail2ban
      
  3. Check Status:

     sudo fail2ban-client status
    

By following these steps, you will have a secure server that can be accessed using two SSH keys, along with basic protection against brute-force attacks using fail2ban.
