How to login ssh with private key?

Configure SSH to login with SSH keys instead of a password

Posted by Amritpal Singh on May 09, 2018

SSH (Secure Shell) is a network protocol whose primary purpose is to let you connect securely to a remote system over a network. With SSH you can authenticate to the remote system using a username and password or using a key pair. In this tutorial, you will learn to set up key-based authentication on a Linux-based system.

Why use key-based authentication, what are the advantages?

  • Public key authentication is more secure than password-based authentication
  • It makes it difficult for hackers to break into your system through a weak password
  • A passphrase on the key adds another layer of security; it is optional and can be left blank
  • Forcing key authentication allows you to disable password authentication, which in effect prevents brute-force attacks

Steps to set up key-based authentication on a Linux computer

Step 1: Generate SSH Key Pair on the client machine
On the client machine, run the following commands to generate SSH keys:

cd ~/.ssh
ssh-keygen -t rsa

When asked for a passphrase, leave it blank or enter your desired passphrase. Having a passphrase makes automation difficult for some processes.

Output of the above command will look something like the following:

[email protected]:~/.ssh$ ssh-keygen -t rsa
Generating public/private rsa key pair.
Enter file in which to save the key (/home/amritpal-box/.ssh/id_rsa): 
Enter passphrase (empty for no passphrase): 
Enter same passphrase again: 
Your identification has been saved in /home/amritpal-box/.ssh/id_rsa.
Your public key has been saved in /home/amritpal-box/.ssh/id_rsa.pub.
The key fingerprint is:
SHA256:yoCV94M5WOw7HVFXm+LxlVHYZ9usgmfU/SbIS3eyc9g [email protected]
The key's randomart image is:
+---[RSA 2048]----+
|          . ...+o|
|     o   . .  .o*|
|    o + .   o.o==|
|   o = + . ..+.o+|
|  . o = S  +.....|
|     o = o. B = +|
|      = .  + + O |
|       .    . + E|
|               o |
+----[SHA256]-----+
[email protected]:~/.ssh$

Step 2: On server machine create an SSH folder

mkdir -p ~/.ssh/

Step 3: Copy public key file from client to the server machine
Run the following command on the client machine to securely copy the id_rsa.pub file to the remote machine:

scp -P "ssh-port" ~/.ssh/id_rsa.pub user@server-host:~/.ssh

Step 4: On server machine append public key to authorized keys file

cat ~/.ssh/id_rsa.pub >> ~/.ssh/authorized_keys

Step 5: On server machine change authorized keys file permissions

chmod 700 ~/.ssh
chmod 600 ~/.ssh/authorized_keys
rm ~/.ssh/id_rsa.pub

Step 6: Done, test your result
On the client machine, run the following command to verify that you can log in to the server machine using the private SSH key:

ssh -p "ssh-port" user@server-host
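
Steps 2, 4 and 5 as a single re-runnable server-side function, added here as an example and not part of the original tutorial. The names `install_pubkey` and `perms_ok` are hypothetical; the function appends the key only if it is absent, refuses a file that looks like a private key, and `perms_ok` checks the modes that step 5 sets.

```bash
# Added example (not from the original tutorial): steps 2, 4 and 5 in one
# re-runnable function. install_pubkey and perms_ok are hypothetical names.

# install_pubkey PUBKEY_FILE [SSH_DIR]  (SSH_DIR defaults to ~/.ssh)
install_pubkey() {
    pub=$1
    ssh_dir=${2:-"$HOME/.ssh"}
    auth="$ssh_dir/authorized_keys"

    [ -r "$pub" ] || { echo "cannot read $pub" >&2; return 2; }
    # A private key copied by mistake must never be installed on the server.
    if grep -q 'PRIVATE KEY' "$pub"; then
        echo "$pub looks like a private key, refusing" >&2
        return 3
    fi
    # Expect exactly one non-empty line: the public key itself.
    [ "$(grep -c . "$pub")" -eq 1 ] || { echo "expected one key line" >&2; return 4; }

    # Steps 2 and 5: create the directory and file, then set the modes
    # explicitly so the result does not depend on the current umask.
    mkdir -p "$ssh_dir" && chmod 700 "$ssh_dir" || return 5
    touch "$auth" && chmod 600 "$auth" || return 5

    # Step 4: append only when the exact line is not already present, so
    # re-running the procedure does not pile up duplicate entries.
    key=$(grep . "$pub")
    if ! grep -qxF -e "$key" "$auth"; then
        printf '%s\n' "$key" >> "$auth"
    fi
}

# perms_ok [SSH_DIR]: succeeds only if the modes are exactly those of step 5.
perms_ok() {
    ssh_dir=${1:-"$HOME/.ssh"}
    [ -n "$(find "$ssh_dir" -prune -perm 700)" ] &&
        [ -n "$(find "$ssh_dir/authorized_keys" -prune -perm 600)" ]
}
```

Copy the public key to a location outside ~/.ssh (for example /tmp), run `install_pubkey /tmp/id_rsa.pub` on the server, then delete the copied file.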
