How to Set Up and Use SSH Key Authentication on Linux
Secure Shell (SSH) is a widely used protocol for secure remote access and management of Linux servers. By default, SSH authentication relies on passwords, which can be vulnerable to brute-force attacks. SSH key authentication is a more secure and convenient method that uses public-key cryptography to authenticate users. In this guide, we will show you how to set up and use SSH key authentication on your Linux system.
Steps
Step 1: Open Terminal
Open the terminal by pressing Ctrl + Alt + T on your keyboard or by searching for it in the applications menu.
Step 2: Generate SSH Key Pair
First, you need to generate an SSH key pair, which consists of a private key and a public key. To generate a new key pair, run the following command:
ssh-keygen -t ed25519 -C "your_email@example.com"
This command generates a new Ed25519 key pair, which is considered more secure and efficient than the older RSA key type. The -C option only attaches a comment to the key, so you can replace your_email@example.com with your actual email address or any other identifier.
When prompted, choose a location to save the keys (default is ~/.ssh/id_ed25519 for the private key and ~/.ssh/id_ed25519.pub for the public key) and set a passphrase for added security. Make sure to keep your private key safe and secret, as it’s used to authenticate your identity.
Step 3: Copy Public Key to Remote Server
To set up SSH key authentication, you need to copy your public key to the remote server’s authorized_keys file. You can do this using the ssh-copy-id command:
ssh-copy-id -i ~/.ssh/id_ed25519.pub username@remote_server_ip
Replace username with your remote server’s username and remote_server_ip with the IP address or domain of the remote server. If prompted, enter your remote server’s password to complete the process.
Step 4: Test SSH Key Authentication
Now that your public key is on the remote server, you can test SSH key authentication by connecting to the server:
ssh -i ~/.ssh/id_ed25519 username@remote_server_ip
If the setup is successful, you will be logged into the remote server without entering the account password. If you set a passphrase during key generation, you’ll be prompted for that passphrase instead; it unlocks your local private key and is not sent to the server.
Step 5 (Optional): Disable Password Authentication
For added security, you can disable password-based authentication on the remote server, allowing only key-based authentication. To do this, edit the SSH configuration file on the remote server:
sudo nano /etc/ssh/sshd_config
Find the line that contains #PasswordAuthentication yes, uncomment it by removing the #, and change yes to no:
PasswordAuthentication no
Save the file and restart the SSH service:
sudo systemctl restart sshd
Now, only users with authorized SSH keys can access the remote server.
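An added example, not part of the original guide: sshd uses the first value it reads for each keyword, so a PasswordAuthentication yes in a file pulled in by an Include line near the top of sshd_config overrides the edit from Step 5. The script below reports the value that wins; the function names, the SSHD_BASE variable and the sample files are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the original guide): find the PasswordAuthentication
# value sshd will actually use. sshd keeps the FIRST value it reads for a keyword,
# and Include lines are read in place, so a drop-in can override a later edit.
# Assumptions: global section only (stops at the first Match), no spaces in paths.

SSHD_BASE=${SSHD_BASE:-/etc/ssh}   # relative Include paths resolve against this

# first_value FILE KEYWORD: print the first value set for KEYWORD, status 1 if unset
first_value() (
    want=$(printf '%s' "$2" | tr 'A-Z' 'a-z')
    while read -r key val rest || [ -n "$key" ]; do
        case $key in ''|'#'*) continue ;; esac      # blank line or commented out
        case $(printf '%s' "$key" | tr 'A-Z' 'a-z') in
            match) break ;;                         # conditional blocks are not evaluated
            include)
                for pat in $val $rest; do
                    case $pat in /*) ;; *) pat=$SSHD_BASE/$pat ;; esac
                    for inc in $pat; do             # glob expands in lexical order
                        [ -f "$inc" ] || continue
                        found=$(first_value "$inc" "$want") &&
                            { printf '%s\n' "$found"; exit 0; }
                    done
                done ;;
            "$want") printf '%s\n' "$val"; exit 0 ;;
        esac
    done < "$1"
    exit 1
)

# password_auth_state FILE: effective setting; sshd defaults to "yes" when unset
password_auth_state() {
    first_value "$1" PasswordAuthentication || echo yes
}

# Constructed sample: the main file says "no", but a drop-in read earlier says "yes".
demo() (
    d=$(mktemp -d) && mkdir "$d/sshd_config.d" || exit 1
    SSHD_BASE=$d
    printf 'PasswordAuthentication yes\n' > "$d/sshd_config.d/10-override.conf"
    printf 'Include sshd_config.d/*.conf\n#PasswordAuthentication yes\nPasswordAuthentication no\n' > "$d/sshd_config"
    password_auth_state "$d/sshd_config"            # prints: yes
    rm -rf "$d"
)
demo
```

On the server itself, sudo sshd -T prints the configuration sshd will really use and is the authoritative check; the script is for reviewing configuration files offline.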
Conclusion
Setting up and using SSH key authentication on Linux is a simple and effective way to enhance the security of your remote connections. By following the steps in this guide, you can create an SSH key pair, set up key-based authentication, and optionally disable password authentication. This will help you protect your Linux system from unauthorized access and make remote management more convenient.