How To Configure SSH Key-Based Authentication on a Linux Server

SSH key-based authentication allows users to SSH into the server without entering their account passwords. SSH keys are also more secure than passwords because the private key used to secure the connection is never shared. Private keys can also be encrypted with a passphrase so their content can't be read as easily. While SSH passwords are not required once keys are set up, the passphrase for decrypting the private key locally is still required.

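To improve system security even further, you can enforce key-based authentication by disabling standard password authentication. Set the following directive in the SSH daemon configuration file (/etc/ssh/sshd_config) and restart the SSH service, but only after you have confirmed that key-based login works, otherwise you can lock yourself out: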

PasswordAuthentication no

Generate SSH Key Pair:

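We can create RSA keys for use by SSH protocol version 1 and DSA, ECDSA, ED25519 or RSA keys for use by SSH protocol version 2. SSH protocol version 1 is obsolete, and OpenSSH 7.0 and later disable DSA keys by default, so prefer RSA or ED25519 for new keys.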

# ssh-keygen -t rsa
OR
# ssh-keygen -t dsa

After this, you will be presented with a message similar to this:

Generating public/private rsa key pair.
Enter file in which to save the key (/root/.ssh/id_rsa):
Created directory '/root/.ssh'.
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /root/.ssh/id_rsa.
Your public key has been saved in /root/.ssh/id_rsa.pub.
The key fingerprint is:
a6:1a:bf:51:f4:60:bc:53:96:ad:4a:08:41:a3:99:33 [email protected]
The key's randomart image is:
+--[ RSA 2048]----+
|   .+            |
|   + o .   o     |
|  E .   = + .    |
|   o . + * .     |
|      . S o      |
|       = o       |
|    . o .        |
|     + .         |
|    . o.         |
+-----------------+

I have created the key using a passphrase. You can also create the key without a passphrase.

Copying Public Key

Then we need to copy the public key to our remote server. Here I am choosing the default non-root user, remoteuser, but you can also use the root user. Use the command below to copy the public key.

# ssh-copy-id [email protected]

Sample Output:

/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
[email protected]'s password:

Number of key(s) added: 1

Now try logging into the machine, with   "ssh '[email protected]'"
and check to make sure that only the key(s) you wanted were added.

This creates the authorized_keys file in the user's .ssh directory on the remote server.

Note: You can also add the public key manually using the following steps:
1. Copy the public key.

# cat /root/.ssh/id_rsa.pub
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDkUPtTzfssbKiH9G7UuzXuKUJrlon3iDNvDXFpGr+tT766sZaAkM/8TVKuKdT4srP/r0lJUoodevc2kIjUw9LqxM/oEqsH4qCFAu2YInf7cgOX9uVVfxDivhdQgt8gEOX4W198Epq7cwvKvGbxjONCSKVLyEcKMVajKmG20yfNvC9opTgdg47Xzo4WPxA/O89TDrxRfyBBawg4P7d4vYxgIEGJidBsKA1KxZpfhU/v2u2lFVd0YYiJaFZc63AQgLlsYe/8B6hHj2VgYHVH8DyxOv17k/bn9yNoJzu8dZnzUCtd3n2FmgfbJRC2W1wNxOLhlFTfiejloL2rDz2d20vB [email protected]

2. Access the remote server and follow the steps below to copy the public key into the user's home directory.

# su - dennis
# mkdir -p .ssh
# chmod 700 .ssh
# cd .ssh

Now, you can create or modify the authorized_keys file within this directory.

# vim authorized_keys
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDkUPtTzfssbKiH9G7UuzXuKUJrlon3iDNvDXFpGr+tT766sZaAkM/8TVKuKdT4srP/r0lJUoodevc2kIjUw9LqxM/oEqsH4qCFAu2YInf7cgOX9uVVfxDivhdQgt8gEOX4W198Epq7cwvKvGbxjONCSKVLyEcKMVajKmG20yfNvC9opTgdg47Xzo4WPxA/O89TDrxRfyBBawg4P7d4vYxgIEGJidBsKA1KxZpfhU/v2u2lFVd0YYiJaFZc63AQgLlsYe/8B6hHj2VgYHVH8DyxOv17k/bn9yNoJzu8dZnzUCtd3n2FmgfbJRC2W1wNxOLhlFTfiejloL2rDz2d20vB [email protected]

Then restrict the permissions on the authorized_keys file.

# chmod 600 authorized_keys
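
The manual steps above can be scripted so that they are safe to re-run. The following is an added example, not part of the original article: the function names install_pubkey and check_ssh_perms are hypothetical, and it assumes a Linux system with GNU stat.

```bash
#!/usr/bin/env bash
# Added example (not from the original article); function names are hypothetical.

# Accepted public-key line: "<type> <base64> [comment]". ssh-dss is left out
# on purpose, since current OpenSSH releases no longer accept DSA keys by default.
KEY_RE='^(ssh-rsa|ssh-ed25519|ecdsa-sha2-nistp(256|384|521)) [A-Za-z0-9+/=]+( .*)?$'

# install_pubkey <pubkey-file> <home-dir>
# Adds the key to <home-dir>/.ssh/authorized_keys with modes 700/600.
install_pubkey() {
    local pub dir auth key
    pub=$1; dir=$2/.ssh; auth=$dir/authorized_keys
    # Refuse files that do not contain exactly one public-key line
    # (for example a private key pasted by mistake).
    [ "$(grep -cE "$KEY_RE" "$pub" 2>/dev/null)" = 1 ] || {
        echo "not a single public key: $pub" >&2; return 1; }
    key=$(grep -E "$KEY_RE" "$pub")
    mkdir -p "$dir" && chmod 700 "$dir" || return 1
    touch "$auth" && chmod 600 "$auth" || return 1
    # Already installed? -x whole line, -F literal match: re-runs add nothing.
    if grep -qxF -e "$key" "$auth"; then return 0; fi
    # If the file's last line lacks a newline, add one so keys do not merge.
    [ -z "$(tail -c 1 "$auth")" ] || echo >> "$auth"
    printf '%s\n' "$key" >> "$auth"
}

# check_ssh_perms <home-dir>: succeeds only if the modes are 700 and 600.
check_ssh_perms() {
    local dir rc
    dir=$1/.ssh; rc=0
    [ "$(stat -c '%a' "$dir" 2>/dev/null)" = 700 ] || { echo "fix mode: $dir" >&2; rc=1; }
    [ "$(stat -c '%a' "$dir/authorized_keys" 2>/dev/null)" = 600 ] ||
        { echo "fix mode: $dir/authorized_keys" >&2; rc=1; }
    return "$rc"
}
```

Run install_pubkey as the target user so the files end up owned by that account, then use check_ssh_perms to confirm the modes before testing the login.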

Access Your Server Using SSH Keys

After completing the above procedure, you should be able to log in to the remote host without the remote user's password.

# ssh [email protected]

It will now ask for the passphrase that we set when creating the key.

We hope this article is helpful to you.

Enjoy it!
