SSH keys are an easy and extremely secure way of logging into your server. This is a better alternative than a simple plain password.

The SSH authentication works using two cryptographically secure keys to authenticate a client to an SSH server.

How to create SSH Keys

Generate an SSH key pair on your local computer

To generate an SSH key pair you can use ssh-keygen, a tiny tool already included in each Linux distribution.

In a terminal, you’ll have to type:

ssh-keygen

And it will output the next message where you can use other path for the main key:

Generating public/private rsa key pair. Enter file in which to save the key (/home/username/.ssh/id_rsa):

The main key is called id_rsa and the public one will be id_rsa.pub . By default, the keys will be stored in the ~/.ssh directory.

/home/username/.ssh/id_rsa already exists. Overwrite (y/n)?

If the above message will be prompted, it means that you already have a generated key. If you’ll replace it, you will not be able to authenticate using the previous key anymore.

You will be prompted to use a passphrase for the key. If you don’t need better encryption, you can press enter. It is an optional step.

Your identification has been saved in /home/username/.ssh/id_rsa. Your public key has been saved in /home/username/.ssh/id_rsa.pub. The key fingerprint is: a9:49:2e:2a:5e:33:3e:a9:de:4e:77:11:58:b6:90:26 username@remote_host The key's randomart image is: +--[ RSA 2048]----+ | ..o | | E o= . | | o. o | | .. | | ..S | | o o. | | =o.+. | |. =++.. | |o=++. | +-----------------+

Now you are almost done.

Copy the public key on your server

Connect to your server using SSH and add the content from your local id_rsa.pub to ~/.ssh/authorized_keys on your remote machine.

To view the content of your local id_rsa.pub use the Linux command cat

cat ~/.ssh/id_rsa.pub

The key will look like a long string:

ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAmLmwkzQDjEOW1Rj3TP5NldVDqUODVH9xuYrkeaSkxtdP J8D9Hz+XAWnJDAdaIkCVOw2YEfHKWSo6befgNxiS+AKS+S+wM/bJpc4qOLe5ozFjZPNRHcw5O8WkgP5g /wg2BOvxBqSKpsSzvi4rYVRLtl7TLVMyajhELiJ9GqT8f25gr3jFmtuQQIkRES1aC4oL2tHsn529POfP 1lPhh5tb2FbqEpm9L3779ljjkSX8Ba4zza3zUckkuAIb5R7KSOrvPnJaEU903hrI0tx5omGyDy+h/2D1 h0aqHanPcU9Ml91ZpMKdpa0+FeVgs2M3LHYTNnvZ76ScV2VtUQwm3YEvjw== demo@techwetrust

Now, copy its content and paste it at on a new line in the following file ~/.ssh/authorized_keys

You can use nano editor or vim :

nano ~/.ssh/authorized_keys vim ~/.ssh/authorized_keys

Authenticate to your server using SSH Keys

You’ll have to reconnect to your server using the same process with ssh:

ssh username@remote_host

Conclusion

If you followed each step, the ssh authentication was without using the plain password.

Now you have SSH key-base authentication configured and running on your server.

Related