SSH Secure Shell is a network protocol, its primary purpose is to allow you to securely connect to a remote system over a network. Using SSH you can connect to the remote system using username and password based authentication or using a key-based authentication. In this tutorial, you will learn to setup key-based authentication on a Linux based system.
Why use key-based authentication, what are the advantages?
- Public key authentication is more secure than password-based authentication
- Make it difficult for hackers to break into your system due to a weak password
- Another layer of security is available by adding a passphrase, as it can be left out blank
- Forcing key authentication allows you to disable password authentication which in effect prevents brute force attacks
Steps to setup key-based authentication on a Linux computer
Step 1. Generate SSH Key Pair on the client machine
On the client machine run the following commands to generate SSH keys:
When asked for passphrase, leave it blank or enter your desired passphrase. Having a passphrase makes automation difficult for some of the processes.
Output of the above command will look something like the following:
[email protected]:~/.ssh$ ssh-keygen -t rsa Generating public/private rsa key pair. Enter file in which to save the key (/home/amritpal-box/.ssh/id_rsa): Enter passphrase (empty for no passphrase): Enter same passphrase again: Your identification has been saved in /home/amritpal-box/.ssh/id_rsa. Your public key has been saved in /home/amritpal-box/.ssh/id_rsa.pub. The key fingerprint is: SHA256:yoCV94M5WOw7HVFXm+LxlVHYZ9usgmfU/SbIS3eyc9g [email protected] The key's randomart image is: +---[RSA 2048]----+ | . ...+o| | o . . .o*| | o + . o.o==| | o = + . ..+.o+| | . o = S +.....| | o = o. B = +| | = . + + O | | . . + E| | o | +----[SHA256]-----+ [email protected]:~/.ssh$
Step 2: On server machine create an SSH folder
Step 3: Copy public key file from client to the server machine
Run the following command on the client machine to secure copy id_rsa.pub file to the remote machine:
Step 4: On server machine append public key to authorized keys file
Step 5: On server machine change authorized keys file permissions
Step 6: Successfully done, test your result
On the client machine run the following command to verify correctly logging onto server machine using private SSH key: