SSH (Secure Shell) is an encrypted protocol used to administer and communicate with servers. SSH keys provide a more secure way of logging into a linux server. While a password stands the risk of being finally cracked, SSH keys are rather impossible to translate using brute force. It is also used to transfer files from one computer to another computer over the network using secure copy (SCP) Protocol.
See Also: Difference between Telnet and SSH in Linux Allow/Deny logins via ssh server using PAM module Block SSH Server Attacks Using DenyHosts in CentOS/RHEL 5/6/7 How to Enable SSH Login Email Alerts Notification SSH Interview Questions and Answers
When we generate a key pair then its create two files public key and private key at home directory of users. You can copy the public key to any server and then unlock it by connecting to it with a client that already has the private key. When we connect the server its private key and public key coordinate and the server access without the need of password. For more security you can protect the private key with a passphrase.
SSH Client Host: 192.168.18.112
SSH Remote Host: 192.168.18.111
Generate SSH Key Pair:
First you need to create the SSH key pair (RSA & DSA) on client machine by passing ‘-t’ parameter in command. If you don’t use ‘-t’ parameter the by default it use RSA.
# ssh-keygen -t rsa
Generating public/private rsa key pair.
Enter file in which to save the key (/home/techoism/.ssh/id_rsa): [Press enter key]
Created directory '/home/techoism/.ssh'.
Enter passphrase (empty for no passphrase): [Press enter key]
Enter same passphrase again: [Press enter key]
Your identification has been saved in /home/techoism/.ssh/id_rsa.
Your public key has been saved in /home/techoism/.ssh/id_rsa.pub.
The key fingerprint is:
The key's randomart image is:
+--[ RSA 2048]----+
| o. o.o |
| .. . |
| o . . o|
| E . o .+ |
| . . . o|
| . o o o +..|
| + + |
| +..+ |
Above command will create two file on user home directory.
1. /home/techoism/.ssh/id_rsa [private key]
2. /home/techoism/.ssh/id_rsa.pub [public key]
Create .ssh Directory on Remote Host:
After generating the SSH key pair, now you can create .ssh directory for dennis user using following command.
# ssh firstname.lastname@example.org mkdir -p .ssh
The authenticity of host '192.168.18.111 (192.168.18.111)' can't be established.
RSA key fingerprint is 45:0e:28:11:d6:81:62:16:04:3f:db:38:02:la:22:4e.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '192.168.18.111' (ECDSA) to the list of known hosts.
email@example.com's password: [Enter Your Password Here]
Copy Generated SSH Key Pair on Remote Host:
Users would be able to copy the generated public key into the authorized_keys file of the remote host using the ssh-copy-id command.
# ssh-copy-id firstname.lastname@example.org
As an alternative, you may copy the generated public key by using SSH command.
# cat /home/techoism/.ssh/id_rsa.pub | ssh email@example.com "cat >> ~/.ssh/authorized_keys"
Set Permissions on Remote Host:
Some time there is different SSH version on servers, so we need to set the permissions on .ssh directory on remote host.
# ssh firstname.lastname@example.org "chmod 700 .ssh; chmod 640 .ssh/authorized_keys"
Verify SSH Connection:
Now simply try to SSH from client host to remote host.
# ssh email@example.com
Now It will not prompt the password to log in, If ssh command prompt password then there is an issue in configuration. So you need to configure it again.