SSH keys are an easy and extremely secure way of logging into your server, and a better alternative to a plain password.
SSH key authentication uses a pair of cryptographic keys, one private and one public, to authenticate a client to an SSH server.
How to create SSH Keys
Generate an SSH key pair on your local computer
To generate an SSH key pair you can use ssh-keygen, a small tool already included in Linux distributions.
In a terminal, you’ll have to type:
ssh-keygen
It prints the following prompt, where you can enter a different path for the main key:
Generating public/private rsa key pair.
Enter file in which to save the key (/home/username/.ssh/id_rsa):
The main (private) key is called id_rsa and the public one is id_rsa.pub. By default, the keys are stored in the ~/.ssh directory.
/home/username/.ssh/id_rsa already exists.
Overwrite (y/n)?
If you see the message above, you already have a generated key. If you replace it, you will no longer be able to authenticate with the previous key.
Next, you will be prompted for a passphrase for the key. This step is optional: the passphrase encrypts the private key stored on your disk. If you don't need that extra protection, you can press Enter.
Your identification has been saved in /home/username/.ssh/id_rsa.
Your public key has been saved in /home/username/.ssh/id_rsa.pub.
The key fingerprint is:
a9:49:2e:2a:5e:33:3e:a9:de:4e:77:11:58:b6:90:26 username@remote_host
The key's randomart image is:
+--[ RSA 2048]----+
| ..o |
| E o= . |
| o. o |
| .. |
| ..S |
| o o. |
| =o.+. |
|. =++.. |
|o=++. |
+-----------------+
Now you are almost done.
Copy the public key on your server
Connect to your server using SSH and add the content of your local id_rsa.pub to ~/.ssh/authorized_keys on your remote machine.
To view the content of your local id_rsa.pub, use the Linux command cat:
cat ~/.ssh/id_rsa.pub
The key will look like a long string:
ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAmLmwkzQDjEOW1Rj3TP5NldVDqUODVH9xuYrkeaSkxtdP
J8D9Hz+XAWnJDAdaIkCVOw2YEfHKWSo6befgNxiS+AKS+S+wM/bJpc4qOLe5ozFjZPNRHcw5O8WkgP5g
/wg2BOvxBqSKpsSzvi4rYVRLtl7TLVMyajhELiJ9GqT8f25gr3jFmtuQQIkRES1aC4oL2tHsn529POfP
1lPhh5tb2FbqEpm9L3779ljjkSX8Ba4zza3zUckkuAIb5R7KSOrvPnJaEU903hrI0tx5omGyDy+h/2D1
h0aqHanPcU9Ml91ZpMKdpa0+FeVgs2M3LHYTNnvZ76ScV2VtUQwm3YEvjw== demo@techwetrust
Now copy its content and paste it on a new line in the file ~/.ssh/authorized_keys on the server.
You can use the nano or vim editor:
nano ~/.ssh/authorized_keys
vim ~/.ssh/authorized_keys
Authenticate to your server using SSH Keys
Reconnect to your server with ssh, the same way as before:
ssh username@remote_host
Conclusion
If you followed each step, the SSH login completed without asking for the plain password.
You now have SSH key-based authentication configured and running on your server.