Introduction
Secure shell/SSH is an encrypted protocol used to administer and communicate with servers securely. Usually, to login into a server we use passwords, which is the not too secure way to communicate with servers. Lets see about SSH-Key Based Authentication which is the most secure way to connect to your servers.
When working on a Linux servers, normally you will spend most of your time using terminal session connected to your server using SSH.
There are different ways to login to SSH server. In this guide, we'll focus on setting up SSH keys. SSH keys provide an easy, yet an extremely secure way of logging into your server. Normally, we recommend the same for all our clients.
How To Create SSH Keys
The first step for configuring SSH-key based authentication on your server is to generate an SSH key pair on your local computer.
To do this, we can use a special utility like ssh-keygen
On your local computer, generate an SSH key pair by typing:
ssh-keygen
This will prompt you to select a location for the keys that generates. By default, the keys will store in the ~/.ssh
directory within your user's home directory. The private key will be known as id_rsa
and the associated public key will be known as id_rsa.pub
. The output will be as below
Your identification has been saved in /home/username/.ssh/id_rsa.
Your public key has been saved in /home/username/.ssh/id_rsa.pub.
The key fingerprint is:
a9:49:2e:2a:5e:33:3e:a9:de:4e:77:11:58:b6:90:26 username@remote_host
The key's randomart image is:
+--[ RSA 2048]----+
| ..o |
| E o= . |
| o. o |
| .. |
| ..S |
| o o. |
| =o.+. |
|. =++.. |
|o=++. |
+-----------------+
How To Copy a Public Key to your Server
Now you need to add the generated ssh key to your remote server using below command
ssh-copy-id -i .ssh/idkey based authentication_rsa.pub root@xxx.xx.xx.xxx
Now login to your remote server in this case "xxx.xx.xx.xxx"
You will find the .ssh folder at /root(/root/.ssh) and in .ssh folder your public key should be copied with name "authorized_keys". That's it you can now log in to your remote server without the password.
Now you need to modify few settings in ssh configuration of remote host i.e"xxx.xx.xx.xxx". Login to remote host and open ssh configuration file at "vi /etc/ssh/sshd_congfig" and start updating the settings as below.
=====
PermitRootLogin without-password
PasswordAuthentication no
AuthorizedKeysFile .ssh/authorized_keys
===
Conclusion
SSH-Key Based Authentication, is one of the most secure ways to connect your server using shell. It pulls all your worries to remember your passwords and store them securely. This process allows you to sign in without any passwords.