How to Setup Key-based SSH Authentication in Linux

In this guide, we’ll walk you through the process of setting up key-based SSH authentication to enhance the security of your server connections. By the end of this article, you’ll have a better understanding of what SSH keys are, why they’re important, and how to use them effectively.

What is SSH?

SSH, or Secure Shell, is a protocol used to securely connect to remote servers and devices. It’s commonly used by system administrators to access servers, transfer files, and run commands on remote machines and by developers to access code repositories. SSH provides a secure way to communicate and perform tasks over a network, protecting data from unauthorized access.

Advertisement

Why Use Key-based SSH Authentication?

By default we used username and password for SSH authentication, which can be vulnerable to brute force attacks and password theft. The key-based authentication doesn’t require to enter username and password. Instead of this it uses a pair of cryptographic keys: a private key and a public key. The private key stays on your computer, while the public key is placed on the server. When you connect, the server checks the keys to allow access, making it much more secure than using a password.

This key-based authentication method is much more secure because:

• It eliminates the need for passwords.
• It helps us to avoid brute force attacks.
• Also this can be paired with passphrases for additional security.

Steps to Setup Key-based SSH Authentication

Here is the step-by-step instructions to setup key-based SSH authentication between two remote systems.

Step 1: Generating SSH Keys

The first method is to generate SSH keys, you can use the following command in your terminal (Linux and macOS) or Git Bash (Windows):

ssh-keygen -t rsa -b 4096

This command will generate a 4096-bit RSA key pair. Follow the prompts to save the keys in the default location and optionally add a passphrase for extra security.

Step 2: Copying the Public Key to Your Server

Once you have generated your keys, you need to copy the public key to the server. You can do this using the ssh-copy-id command:

ssh-copy-id username@server_ip_address

If you don’t have ssh-copy-id installed, you can manually copy the public key by connecting to the server and adding the key to the ~/.ssh/authorized_keys file:

cat ~/.ssh/id_rsa.pub | ssh username@server_ip_address "mkdir -p ~/.ssh && cat >> ~/.ssh/authorized_keys"

Step 3: Connect to Remote System

After copying the public key to your server, you can connect using SSH without a password:

ssh username@server_ip_address

If you set a passphrase for your private key, you will be prompted to enter it. Otherwise, you’ll be logged in automatically.

Additional Security Tips

Along with the key-based authentication, you should also consider the following to enhanced your server security from unauthorized access.

• Disable password authentication: Edit the /etc/ssh/sshd_config file on your server and set PasswordAuthentication to no.
• Use a passphrase: Always set a passphrase for your private key to add an extra layer of security.
• Keep your private key safe: Never share your private key with anyone and also avoid storing it in insecure locations.
• Rotate keys: You should regenerate new SSH keys and delete previous to avoid any potential security vulnerabilities.

Online SSH Key Generator Tool

If you need help generating SSH keys, you can use online tools like the SSH Key Generator. This tool simplifies the process and ensures you get a strong key pair for your secure connections.

Conclusion

In this tutorial, you have learned about generating ssh keys and configure key-based authentication. It is an important step to secure your server connections with key-based SSH authentication. This method makes your connections safer and logging in easier. Keep your keys safe, update them regularly, and enjoy better security.