In the early 90s, IT professionals used Telnet, an application layer protocol that transfers data without encryption. Later, SSH was created as a secure alternative to Telnet; it encrypts the data so that others cannot retrieve it without access.
SSH or Secure Socket Shell is a network protocol used to access a system or server remotely in a secure way. It is an application layer protocol that lets you access another machine over the internet without physical access. With SSH you can issue remote commands, transfer files, connect to remote servers, and communicate between two computers in an encrypted way.
You can log in to your remote SSH server using either of two authentication types:
- Password Authentication
- Public Key Authentication (Passwordless)
Here we will discuss configuring key-based authentication for SSH login.
Step 1 – Generate SSH Key Pair
First, generate a key pair (RSA or DSA). You can specify the key type, RSA or DSA, with the '-t' command-line switch. If we do not pass the -t parameter, ssh-keygen creates an RSA key by default.
ssh-keygen -t rsa
Follow the quick wizard:
- Press Enter to accept the default location. You can also select a different filename and location.
- Next, you will be asked for a passphrase. Whether to set one is up to you: press Enter to skip it, or enter a passphrase for an extra layer of security. Not using a passphrase makes it easier to automate a lot of tasks.
- Hit Enter and your keys will be created.
Now, you can see the generated key files with the following command.
ls -l ~/.ssh/
Step 2 – Copy Public Key to Remote System
~/.ssh/authorized_keys is the file that holds the public keys of remote clients. During key-based authentication, the system looks up the client's public key in this file.
You can simply copy the content of the public key (the file with the .pub extension) from your system to the authorized_keys file on the remote server. Alternatively, let it be done for you by running the following command.
ssh-copy-id -i ~/.ssh/id_rsa.pub 192.168.10.20
Output:
21
[email protected]'s password:
Now try logging into the machine, with "ssh '192.168.10.20'", and check in:
.ssh/authorized_keys
to make sure we haven't added extra keys that you weren't expecting.
You will be asked for the remote_user password. Once you enter the correct password, the public key will be stored on the remote server.
Step 3 – Verify SSH without Password
Now that everything is set up, simply try to ssh to the remote system.
You should be logged in automatically, without being prompted for the password. If the system still prompts for the password, the key was not copied correctly to the destination server. To resolve this, check that the key is properly appended to the authorized_keys file, and check the file's permissions.
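The troubleshooting check described above can be scripted. The following is an added example, not part of the original tutorial: the function names are illustrative, it assumes a copy of the client's .pub file is available on the server, and it relies on OpenSSH's default StrictModes behaviour of rejecting key files or directories that are writable by group or others.

```sh
#!/bin/sh
# Added example: diagnose why key-based login still prompts for a password.
# Run on the remote server. Function names and messages are illustrative.

# Print octal permission bits (GNU stat first, BSD stat as fallback).
perm_of() {
    stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1"
}

# Succeeds when group or others can write to the path (mask 022).
loosely_writable() {
    [ $(( 0$(perm_of "$1") & 022 )) -ne 0 ]
}

# check_ssh_key_setup <ssh_dir> <public_key_file>
# Prints one line per problem; returns the number of problems found.
check_ssh_key_setup() {
    ssh_dir=$1; pub=$2; auth="$ssh_dir/authorized_keys"; problems=0

    if [ ! -d "$ssh_dir" ]; then
        echo "missing directory: $ssh_dir"; return 1
    fi
    if loosely_writable "$ssh_dir"; then
        echo "$ssh_dir is group/world-writable (fix: chmod 700)"
        problems=$((problems + 1))
    fi
    if [ ! -f "$auth" ]; then
        echo "missing file: $auth"; return $((problems + 1))
    fi
    if loosely_writable "$auth"; then
        echo "$auth is group/world-writable (fix: chmod 600)"
        problems=$((problems + 1))
    fi
    # Compare only the base64 key blob (field 2 of the .pub file), so a
    # different comment or an options prefix in authorized_keys still matches.
    blob=$(awk '{print $2; exit}' "$pub")
    if [ -z "$blob" ] || ! grep -qF -- "$blob" "$auth"; then
        echo "public key from $pub not found in $auth"
        problems=$((problems + 1))
    fi
    return "$problems"
}

# Stand-alone use: sh check.sh ~/.ssh /path/to/id_rsa.pub
if [ $# -eq 2 ]; then check_ssh_key_setup "$1" "$2"; fi
```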
In this tutorial, you have learned to create an SSH key pair and configure key-based login between two systems.