SSH key authentication is a secure method of logging into an SSH server without needing to enter a password. It relies on a pair of cryptographic keys: a private key (kept secret) and a public key (shared with the server). This lesson shows you how to set up SSH key authentication and log in to the server without a password.
Generate SSH Key Pair
First, you need to generate an SSH key pair if you don’t already have one. Open your terminal and run the following command to generate a new SSH key pair:

    ssh-keygen -t rsa -b 2048 -f ~/.ssh/id_rsa

-t rsa: Specifies the type of key to create (RSA).
-b 2048: Sets the key length to 2048 bits (you can use higher values for stronger security).
-f ~/.ssh/id_rsa: Specifies the file name for the generated key pair (the default location is ~/.ssh/id_rsa).
During key generation, you can choose to set a passphrase for added security, but it’s optional. A passphrase adds an extra layer of protection to your private key.
Copy the Public Key to the Server
Next, you need to copy your public key to the server you want to access via SSH. You can do this manually or by using the ssh-copy-id command.
Replace <username> and <hostname> with your server’s username and hostname:

    ssh-copy-id <username>@<hostname>

If you prefer to do it manually, you can append the contents of your public key (~/.ssh/id_rsa.pub) to the ~/.ssh/authorized_keys file on the remote server:

    cat ~/.ssh/id_rsa.pub | ssh <username>@<hostname> 'mkdir -p ~/.ssh && cat >> ~/.ssh/authorized_keys'

Make sure the ~/.ssh directory on the remote server has proper permissions (usually 700), and that the ~/.ssh/authorized_keys file has permissions set to 600.
Test SSH Key Authentication
You can now test SSH key authentication by attempting to SSH into the remote server:

    ssh <username>@<hostname>

If you set a passphrase for your private key, you’ll be prompted to enter it. Otherwise, you should be logged in without being asked for a password.
Disabling Password Authentication
For enhanced security, it’s a good practice to disable password-based authentication once you’ve confirmed that SSH key authentication is working. You can do this by modifying the SSH server’s configuration (typically located in /etc/ssh/sshd_config).
Set PasswordAuthentication to no.
Reload the SSH server: sudo service ssh reload or sudo systemctl reload ssh.
This ensures that SSH access can only be obtained using the authorized SSH key.
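As an added example (not part of the original lesson), the shell functions below check the 700/600 permissions described above and report which PasswordAuthentication value takes effect in a given config file. The function names and sample files are constructed for illustration, and GNU stat (as found on Linux) is assumed.

```shell
#!/bin/sh
# Added example: checks to run before turning password logins off.
# Function names and sample files are constructed for illustration.

# Succeeds only if DIR is mode 700 and DIR/authorized_keys is mode 600.
check_ssh_perms() {
    [ -d "$1" ] && [ -f "$1/authorized_keys" ] || return 2
    dmode=$(stat -c '%a' "$1") || return 2            # GNU stat, as on Linux
    fmode=$(stat -c '%a' "$1/authorized_keys") || return 2
    [ "$dmode" = 700 ] && [ "$fmode" = 600 ]
}

# Prints the PasswordAuthentication value sshd would take from FILE's global
# section: the first occurrence wins, keywords are case-insensitive, and the
# OpenSSH default is "yes". Include files and Match blocks are not evaluated.
effective_password_auth() {
    awk '
        $1 ~ /^#/ { next }
        tolower($1) == "match" { exit }
        tolower($1) == "passwordauthentication" { print tolower($2); found = 1; exit }
        END { if (!found) print "yes" }
    ' "$1"
}

# Demo on constructed files in a temporary directory.
demo() {
    tmp=$(mktemp -d) || return 1
    mkdir "$tmp/.ssh" && : > "$tmp/.ssh/authorized_keys"
    chmod 755 "$tmp/.ssh"; chmod 644 "$tmp/.ssh/authorized_keys"
    check_ssh_perms "$tmp/.ssh" || echo "permissions too open"
    chmod 700 "$tmp/.ssh"; chmod 600 "$tmp/.ssh/authorized_keys"
    check_ssh_perms "$tmp/.ssh" && echo "permissions ok"
    # Constructed config: a later "no" does not override the earlier "yes".
    printf '%s\n' '#PasswordAuthentication no' 'PasswordAuthentication yes' \
        'PasswordAuthentication no' > "$tmp/sshd_config"
    echo "effective PasswordAuthentication: $(effective_password_auth "$tmp/sshd_config")"
    rm -rf "$tmp"
}
demo
```

On a live server, sudo sshd -T prints the configuration sshd actually resolved, including any Include files, so it is the authoritative check after a reload.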
SSH key authentication is a secure and convenient way to access remote servers, and it’s widely used for server administration and secure file transfers. Just remember to protect your private key and use passphrases for added security.
This lesson covers the Linux server environment. If you’re using Windows, you can use an SSH client like PuTTY or Windows Subsystem for Linux (WSL) to follow similar steps.