How To Set Up SSH Keys Authentication On Linux

What is SSH Keys

SSH keys serve as a means of identifying yourself to an SSH server using public-key cryptography and challenge-response authentication. One immediate advantage this method has over traditional password authentication is that you can be authenticated by the server without ever having to send your password over the network. Anyone eavesdropping on your connection will not be able to intercept and crack your password because it is never actually transmitted. Additionally, using SSH keys for authentication virtually eliminates the risk posed by brute-force password attacks by drastically reducing the chances of the attacker correctly guessing the proper credentials.

I — Create the RSA Key Pair

The very first step is to create the key pair on the client machine (there is a good chance that this will just be your computer):

II — Store the Keys and Passphrase

After you generated the key, you will get a few more questions like this. Just hit ENTER key

This step will save the file key to the user home.

It’s up to you whether you want to use a passphrase. Entering a passphrase does have its benefits: the security of a key, no matter how encrypted, still depends on the fact that it is not visible to anyone else. Should a passphrase-protected private key fall into an unauthorized users possession, they will be unable to log in to its associated accounts until they figure out the passphrase, buying the hacked user some extra time. The only downside, of course, to having a passphrase, is then having to type it in each time you use the Key Pair.

The whole entire key generation process will looks like this:

The public key is now located in /home/[your_username]/.ssh/id_rsa.pub

The private key (identification) is now located in /home/[your_username]/.ssh/id_rsa

III — Copy the Public Key

Once the key pair is generated, it’s time to place the public key on the virtual server that we want to use.

You can copy the public key into the new machine’s authorized_keys file with the ssh-copy-id command. Make sure to replace the example username and IP address below.

Alternatively, you can paste in the keys using SSH:

No matter which command you chose, you should see something like:

Now you can go ahead and log into [email protected] and you will not be prompted for a password. However, if you set a passphrase, you will be asked to enter the passphrase at that time (and whenever else you log in in the future).

IV —Disable the SSH Password Login

Once you have copied your SSH keys unto your server and ensured that you can log in with the SSH keys alone, you can go ahead and restrict the root login to only be permitted via SSH keys.

In order to do this, open up the SSH config file:

Within that file, find the line that includes PermitRootLogin and modify it to ensure that users can only connect with their SSH key:

Put the changes into effect:

Source: https://www.digitalocean.com/community/tutorials/how-to-set-up-ssh-keys–2

I'm 26 years old, a web developer from Nha Trang, Viet Nam. I love travelling and listen to rock music all day. This site is where I share my knowledges, my moments and some stuff...Wanna drink some beer? Feel free to contact me at the footer.