SSH key identify trusted computers, without the need of passwords. One immediate advantage this method has over traditional password authentication is that you can be authenticated without having to send your password over the network offering additional security,

Generating an SSH key pair

The first step is to generate the SSH key pair on your computer

ssh-keygen -t rsa -b 4096

Setup a name to your SSH key file. (I suggest to use id_rsa )

) Setup a password. (keep it safe you will need it)

Copy the SSH public key in remote server

Method 0ne:

cat id_rsa.pub.pub | ssh user@server "mkdir -p ~/.ssh && cat >> ~/.ssh/authorized_keys"

Make sure the .ssh directory and authorized_keys file has 700 permissions

Method two:

Copy the id_rsa.pub file to the remote server, login to the remote server, go to your user home directory then create the .ssh directory, move the id_rsa.pub to .ssh directory but change its name to authorized_keys and finally set permissions.

scp id_rsa.pub user@server:/home/user ssh user@server cd /home/user mkdir -p .ssh mv id_rsa.pub .ssh/authorized_keys chmod -R 700 .ssh

Method three

ssh-copy-id is a script that uses ssh to log into a remote machine, it also changes the permissions of the remote user’s home, ~/.ssh, and ~/.ssh/authorized_keys.

ssh-copy-id user@server

On OSX this command will not work by default so 0pen your terminal and run the following command:

curl -L https://raw.githubusercontent.com/beautifulcode/ssh-copy-id-for-OSX/master/install.sh | sh

Test you SSH Key

ssh user@server -i id_rsa

Only the first time you login you must specify SSH key and you will be prompted for a passphrase.

Then you can simply use:

ssh user@server OR ssh server (If your user is the same here and there!)

Optional Configuration

Disable the password for root login

Ensured that you can log in with the SSH keys alone, you can go ahead and restrict the root login to only be permitted via SSH keys. In order to do this, open up the SSH config file:

sudo vim /etc/ssh/sshd_config

Also read Vim For Dummies

Within that file, find the line PermitRootLogin and modify it to ensure that users can only connect with their SSH key.

PermitRootLogin without-password

And restart ssh service:

/etc/init.d/sshd restart (CentOS/RHEL/Fedora) /etc/init.d/ssh restart (Debian/Ubuntu)