How to Set Up and Use SSH Key Authentication on Linux

Facebook
Twitter
LinkedIn
Reddit
Email

Secure Shell (SSH) is a widely used protocol for secure remote access and management of Linux servers. By default, SSH authentication relies on passwords, which can be vulnerable to brute-force attacks. SSH key authentication is a more secure and convenient method that uses public-key cryptography to authenticate users. In this guide, we will show you how to set up and use SSH key authentication on your Linux system.

Steps

Step 1: Open Terminal

Open the terminal by pressing Ctrl + Alt + T on your keyboard or by searching for it in the applications menu.

Step 2: Generate SSH Key Pair

First, you need to generate an SSH key pair, which consists of a private key and a public key. To generate a new key pair, run the following command:

ssh-keygen -t ed25519 -C “your_email@example.com”

This command generates a new Ed25519 key pair, which is considered more secure and efficient than the older RSA key type. You can replace your_email@example.com with your actual email address or any other identifier.

When prompted, choose a location to save the keys (default is ~/.ssh/id_ed25519 for the private key and ~/.ssh/id_ed25519.pub for the public key) and set a passphrase for added security. Make sure to keep your private key safe and secret, as it’s used to authenticate your identity.

Step 3: Copy Public Key to Remote Server

To set up SSH key authentication, you need to copy your public key to the remote server’s authorized_keys file. You can do this using the ssh-copy-id command:

ssh-copy-id -i ~/.ssh/id_ed25519.pub username@remote_server_ip

Replace username with your remote server’s username and remote_server_ip with the IP address or domain of the remote server. If prompted, enter your remote server’s password to complete the process.

Step 4: Test SSH Key Authentication

Now that your public key is on the remote server, you can test SSH key authentication by connecting to the server:

ssh -i ~/.ssh/id_ed25519 username@remote_server_ip

If the setup is successful, you will be logged into the remote server without entering a password. However, if you set a passphrase during key generation, you’ll be prompted to enter it.

Step 5 (Optional): Disable Password Authentication

For added security, you can disable password-based authentication on the remote server, allowing only key-based authentication. To do this, edit the SSH configuration file on the remote server:

sudo nano /etc/ssh/sshd_config

Find the line that contains #PasswordAuthentication yes, uncomment it by removing the #, and change yes to no:

PasswordAuthentication no

Save the file and restart the SSH service:

sudo systemctl restart sshd

Now, only users with authorized SSH keys can access the remote server.

Conclusion

Setting up and using SSH key authentication on Linux is a simple and effective way to enhance the security of your remote connections. By following the steps in this guide, you can create an SSH key pair, set up key-based authentication, and optionally disable password authentication. This will help you protect your Linux system from unauthorized access and make remote management more convenient.

Please Leave Feedback and Corrections in the Comments

More to Explore

Table of Contents

Leave a Reply

Your email address will not be published. Required fields are marked *


What are you looking for?

Type in a question or keyword below

Frequently Asked Questions

Why are your prices so high?

Our prices actually aren’t that high when you compare our laptops to models in the same class. Our Aon S1 is in the same class as the Dell XPS 13, Lenovo Thinkpad X1, and MacBook Pro. When you compare against these models, you will see our pricing is actually very reasonable, especially considering the fact that our Aon S1 has many advantages over these other models, including user-upgradeability, user-serviceability, and customizability.

Also, it’s important to note that unlike other laptop manufacturers that do final assembly in China, our laptops are built-to-order in the United States. This enables us to provide a much broader array of customization options compared to companies like Dell, Lenovo, and Apple, although at a higher cost.

Read More

Are all the parts soldered to the motherboard?

In many modern laptops, especially thin and light models (like Apple’s MacBook Air or Pro, Dell’s XPS 13, or many of Lenovo’s ThinkPad X1 Carbon models), the memory, storage, battery, and wireless module are often soldered directly onto the motherboard. This is done to save space and allow the laptop to be thinner, but it means that the RAM and SSD are not user-upgradeable.

However, as part of our commitment to the Right to Repair Movement, the memory, storage, battery, and wireless module all MALIBAL laptops are user-upgradeable or user-replaceable.

Do any of your laptops support coreboot?

Coreboot is an open-source project aimed at replacing the proprietary BIOS (Basic Input/Output System) firmware found in most computers. BIOS firmware is the first piece of software that runs when a computer is turned on. It initializes the hardware and starts the operating system.

Coreboot is designed to perform only the minimum amount of hardware initialization necessary to load and run a modern 32-bit or 64-bit operating system. This minimalist approach not only reduces the complexity and potential attack surface of the firmware, but it can also speed up the system boot time significantly.

Coreboot can be used with payloads such as a Linux kernel, SeaBIOS, or UEFI firmware to provide a complete firmware solution. It’s appreciated by users who want to have more control over their hardware, value the transparency and security that come from open-source software, or have specialized requirements.

Coreboot with EDK II is supported on our Aon line of laptops.

Can your laptops be charged or powered via USB-C?

USB-C is revolutionizing the way we charge laptops. As a universal charging standard, USB-C has a number of advantages that make it particularly suited for this task.

First and foremost, it offers high power delivery capability – up to 100 watts – which is sufficient to charge even power-hungry laptops. This eliminates the need for proprietary laptop chargers and allows for charging via common adapters, power banks, or even other laptops.

Additionally, USB-C is a reversible connector, meaning it can be inserted either way, making it more user-friendly.

It also supports data transfer and display output, allowing for a single cable to provide power, transfer data, and connect to external monitors.

All MALIBAL laptops can be powered via the Thunderbolt 4 port.

Who is MALIBAL?
MALIBAL is an innovative technology company that produces high-performance, custom linux laptops for developers and content creators; mobile workstations for engineers, scientists, video editors, 3D modelers, and animators; and mobile servers for enterprise applications. On our site, you will find information about the best linux laptops, such as our Aon S1 and Aon L1 models, our customers, new articles, latest news, guides, features, and more.
How do I get a quote?

If you need a quote for any reason, e.g., to submit to accounting for approval, before ordering, simply add the laptop(s) you want to purchase to the Cart, then click Checkout, and on the checkout page, click Convert Cart to Quote. We will email you a PDF of the quote with a link to make payment once you are ready to complete the order.

How do I cancel an order?

You may cancel an order any time up until it ships. After it ships, you will not be able to cancel it, but will instead have to use our return policy in order to return the laptop for a refund. To cancel an order, simply open a sales ticket or sales chat and give the representative your order information, and they will cancel the order for you and send you confirmation via email and text.

 

How do I make a change to my order?

You may make changes to your order up until it ships. To modify an order, simply open a sales ticket or sales chat and give the representative your order information and specify which changes you want to make.

When is my order shipping?

If all parts are in stock, the average build time for laptops is 5-7 business days. This means laptops will ship 5-7 business days after the order is placed. If a component is backordered, it will say which parts are backordered in your order confirmation email.

To see the estimated delivery date of your laptop, please check your order confirmation email for the Estimated Delivery Date. You can also see this information on your My Account > Order Details page. The estimated delivery date is the build time (plus backorder delay, if applicable) plus the shipping time.

Once your laptop ships out, we will email you the tracking information. An adult will need to be at the address to sign for the package when it arrives.

How do I track my order after it ships?

You can view your tracking status via the order details page in your account.