Configuration of SSH Key Authentication on Linux

SSH key authentication allows users to SSH into a server without entering their passwords. SSH keys are more secure than passwords because the private key used to secure the connection is never shared. Private keys can also be encrypted so their content can't be read as easily. While SSH passwords are not required once keys are set up, the passphrases for decrypting the private keys locally are still required.

To improve system security even further, you can enforce key-based authentication by disabling standard password authentication in the SSH server configuration file (/etc/ssh/sshd_config):

PasswordAuthentication no

Generate SSH Key Pair:
We can create RSA keys for use by SSH protocol version 1 and DSA, ECDSA, ED25519 or RSA keys for use by SSH protocol version 2.

# ssh-keygen -t rsa
OR
# ssh-keygen -t dsa

After this, you will be presented with a message similar to this:

Generating public/private rsa key pair.
Enter file in which to save the key (/root/.ssh/id_rsa):
Created directory '/root/.ssh'.
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /root/.ssh/id_rsa.
Your public key has been saved in /root/.ssh/id_rsa.pub.
The key fingerprint is:
aa:1a:22:51:ee:ee:bc:53:rr:ad:tt:6t:41:a3:55:33 root@maddy.com
The key's randomart image is:
+--[ RSA 2048]----+
| .+ |
| + o . o |
| E . = + . |
| o . + * . |
| . S o |
| = o |
| . o . |
| + . |
| . o. |
+-----------------+

I created this key with a passphrase. You can also create the key without a passphrase.

Copying Public Key
Next, copy the public key to the remote server. Here I am using the default non-root user as the remote user, but you can also use the root user. Use the command below to copy the public key.

# ssh-copy-id maddy@174.40.30.11
Sample Output:

/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
maddy@174.40.30.11's password:

Number of key(s) added: 1

Now try logging into the machine, with "ssh 'maddy@174.40.30.11'"
and check to make sure that only the key(s) you wanted were added.

This creates the authorized_keys file in the user's .ssh directory.

Note: You can also add the public key manually using the following steps:

1. Copy the public key.

# cat /root/.ssh/id_rsa.pub
ssh-rsa BBBBdfdddfdzaC1yc2EAAAADAQABAAABAQDkUPtTzfssbKiH9G7UuzXuKUJrlon3iDNvDXFpsdsdstT766sZaAkM/8TVKuKdT4srP/r0lJUoodevc2kIjUw9LqxM/asdasdasdasdasdasdasqCFAu2YIasdaasdasasdsKA1KxZpfhU/asdaerassdfrfdrgddfdf/asdasdasdasdasdasdasdasdas root@maddy.com

2. Log in to the remote server and follow the steps below to place the public key in the user's home directory.

# su - maddy
# mkdir .ssh
# chmod 700 .ssh
# cd .ssh

Now you can create or modify the authorized_keys file within this directory.

# vim authorized_keys
ssh-rsa BBBBdfdddfdzaC1yc2EAAAADAQABAAABAQDkUPtTzfssbKiH9G7UuzXuKUJrlon3iDNvDXFpsdsdstT766sZaAkM/8TVKuKdT4srP/r0lJUoodevc2kIjUw9LqxM/asdasdasdasdasdasdasqCFAu2YIasdaasdasasdsKA1KxZpfhU/asdaerassdfrfdrgddfdf/asdasdasdasdasdasdasdasdas root@maddy.com

Then change the permissions of the authorized_keys file.

# chmod 600 authorized_keys

Access Your Server Using SSH Keys
After completing the above procedure, you should be able to log in to the remote host without the remote user's password.

# ssh maddy@174.40.30.11

It will now ask for the passphrase that we set when creating the key pair.
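
Before applying the PasswordAuthentication no setting mentioned at the start, it helps to confirm that key login is in place and to see which value sshd will actually use. The script below is an added example, not part of the original article: the function names and the paths in the usage comment are hypothetical, it assumes GNU stat, and it reads only the global section of a single config file (Include files are not followed).

```shell
#!/bin/sh
# Added example, not from the original article. Function names are hypothetical.

# effective_password_auth FILE
# Prints the PasswordAuthentication value from the global section of FILE.
# sshd uses the first value it reads for a keyword, so a later line does not
# override an earlier one. Keywords are case-insensitive, and "key=value" is
# accepted as well as "key value".
effective_password_auth() {
    awk '
        { sub(/^[ \t]+/, "") }               # drop leading whitespace
        /^#/ || NF == 0 { next }             # skip comments and blank lines
        { split($0, f, /[ \t=]+/); key = tolower(f[1]) }
        key == "match" { exit }              # Match blocks are conditional
        key == "passwordauthentication" { print tolower(f[2]); found = 1; exit }
        END { if (!found) print "yes" }      # OpenSSH default when unset
    ' "$1"
}

# key_login_ready HOME_DIR
# Succeeds only if HOME_DIR/.ssh and authorized_keys carry the modes set in
# the manual steps (700 and 600) and the file contains at least one key line.
# Assumes GNU stat (stat -c), as found on Linux.
key_login_ready() {
    dir="$1/.ssh"
    file="$dir/authorized_keys"
    [ -d "$dir" ] && [ -s "$file" ] || return 1
    [ "$(stat -c %a "$dir")" = "700" ] || return 1
    [ "$(stat -c %a "$file")" = "600" ] || return 1
    grep -Eq '^[^#]*(ssh-|ecdsa-sha2-)' "$file"
}

# Usage (example paths): sh check.sh /etc/ssh/sshd_config /home/maddy
if [ "$#" -eq 2 ]; then
    echo "PasswordAuthentication in effect: $(effective_password_auth "$1")"
    if key_login_ready "$2"; then
        echo "authorized_keys is in place for $2"
    else
        echo "key login is NOT ready for $2; keep password login enabled"
    fi
fi
```

On a live server, sshd -T prints the effective configuration as sshd itself parses it and is the authoritative check.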

We hope this article is helpful to you.
