SSH Key On Linux
SSH key identify trusted computers, without the need of passwords. One immediate advantage this method has over traditional password authentication is that you can be authenticated without having to send your password over the network offering additional security,
Generating an SSH key pair
The first step is to generate the SSH key pair on your computer
ssh-keygen -t rsa -b 4096
- Setup a name to your SSH key file. (I suggest to use id_rsa)
- Setup a password. (keep it safe you will need it)
Copy the SSH public key in remote server
cat id_rsa.pub.pub | ssh [email protected] "mkdir -p ~/.ssh && cat >> ~/.ssh/authorized_keys"
Make sure the .ssh directory and authorized_keys file has 700 permissions
Copy the id_rsa.pub file to the remote server, login to the remote server, go to your user home directory then create the .ssh directory, move the id_rsa.pub to .ssh directory but change its name to authorized_keys and finally set permissions.
scp id_rsa.pub [email protected]:/home/user ssh [email protected] cd /home/user mkdir -p .ssh mv id_rsa.pub .ssh/authorized_keys chmod -R 700 .ssh
ssh-copy-id is a script that uses ssh to log into a remote machine, it also changes the permissions of the remote user’s home, ~/.ssh, and ~/.ssh/authorized_keys.
ssh-copy-id [email protected]
On OSX this command will not work by default so 0pen your terminal and run the following command:
Test you SSH Key
ssh [email protected] -i id_rsa
Only the first time you login you must specify SSH key and you will be prompted for a passphrase.
Then you can simply use:
ssh [email protected] OR ssh server (If your user is the same here and there!)
Disable the password for root login
Ensured that you can log in with the SSH keys alone, you can go ahead and restrict the root login to only be permitted via SSH keys. In order to do this, open up the SSH config file:
sudo vim /etc/ssh/sshd_config
Also read Vim For Dummies
Within that file, find the line PermitRootLogin and modify it to ensure that users can only connect with their SSH key.
And restart ssh service:
/etc/init.d/sshd restart (CentOS/RHEL/Fedora) /etc/init.d/ssh restart (Debian/Ubuntu)