Techwetrust

SSH keys are an easy and extremely secure way of logging into your server. This is a better alternative than a simple plain password.

The SSH authentication works using two cryptographically secure keys to authenticate a client to an SSH server.

How to create SSH Keys

Generate an SSH key pair on your local computer

To generate an SSH key pair you can use ssh-keygen, a tiny tool already included in each Linux distribution.

In a terminal, you’ll have to type:

ssh-keygen

And it will output the next message where you can use other path for the main key:

Generating public/private rsa key pair.
Enter file in which to save the key (/home/username/.ssh/id_rsa):

The main key is called id_rsa and the public one will be id_rsa.pub. By default, the keys will be stored in the ~/.ssh directory.

/home/username/.ssh/id_rsa already exists.
Overwrite (y/n)?

If the above message will be prompted, it means that you already have a generated key. If you’ll replace it, you will not be able to authenticate using the previous key anymore.

You will be prompted to use a passphrase for the key. If you don’t need better encryption, you can press enter. It is an optional step.

Your identification has been saved in /home/username/.ssh/id_rsa.
Your public key has been saved in /home/username/.ssh/id_rsa.pub.
The key fingerprint is:
a9:49:2e:2a:5e:33:3e:a9:de:4e:77:11:58:b6:90:26 username@remote_host
The key's randomart image is:
+--[ RSA 2048]----+
|     ..o         |
|   E o= .        |
|    o. o         |
|        ..       |
|      ..S        |
|     o o.        |
|   =o.+.         |
|. =++..          |
|o=++.            |
+-----------------+

Now you are almost done.

Copy the public key on your server

Connect to your server using SSH and add the content from your local id_rsa.pub to ~/.ssh/authorized_keys  on your remote machine.

To view the content of your local id_rsa.pub use the Linux command cat

cat ~/.ssh/id_rsa.pub

The key will look like a long string:

ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAmLmwkzQDjEOW1Rj3TP5NldVDqUODVH9xuYrkeaSkxtdP
J8D9Hz+XAWnJDAdaIkCVOw2YEfHKWSo6befgNxiS+AKS+S+wM/bJpc4qOLe5ozFjZPNRHcw5O8WkgP5g
/wg2BOvxBqSKpsSzvi4rYVRLtl7TLVMyajhELiJ9GqT8f25gr3jFmtuQQIkRES1aC4oL2tHsn529POfP
1lPhh5tb2FbqEpm9L3779ljjkSX8Ba4zza3zUckkuAIb5R7KSOrvPnJaEU903hrI0tx5omGyDy+h/2D1
h0aqHanPcU9Ml91ZpMKdpa0+FeVgs2M3LHYTNnvZ76ScV2VtUQwm3YEvjw== demo@techwetrust

Now, copy its content and paste it at on a new line in the following file ~/.ssh/authorized_keys

You can use nano editor or vim:

nano ~/.ssh/authorized_keys
vim ~/.ssh/authorized_keys

Authenticate to your server using SSH Keys

You’ll have to reconnect to your server using the same process with ssh:

ssh username@remote_host

Conclusion

If you followed each step, the ssh authentication was without using the plain password.

Now you have SSH key-base authentication configured and running on your server.