SSH (Secure Shell) is a secure protocol for communicating with a remote server over a network that is not secure. It can authenticate users with public key pairs called SSH keys. SSH keys are a newer alternative to .rhosts authentication. The following is a guide on how to configure SSH key-based authentication on a Linux server.

 

Generate a New SSH Key Pair

Firstly, you’ll need to use ssh-keygen to create a new SSH key pair. The key pair is used for authentication purposes, for example, logging in and host validation. To launch ssh-keygen, open the terminal and enter the following command:

ssh-keygen -t rsa -b 4096 -C "your-email-here@example.com"

 

It will show a message that the public/private RSA key pair is being generated. Next, it prompts you to enter a location for saving the SSH key pair. If you skip this step, it will store the keys in the ~/.ssh directory. The benefit of saving the keys in the default location is that your SSH client can locate them easily.

 

It will prompt a second time for a passphrase. You can leave the field empty if you don’t want to use a passphrase. If you do enter a passphrase, make sure you write it down somewhere as you’re going to have to use it later. After entering the passphrase twice, it will generate a 2048 bit RSA key pair. For those who already have a key pair, you can just type y to overwrite it.

 

Copying the Public Key with SSH-Copy-ID

The second step is to copy the public key to the remote SSH server. The most convenient method is to use the ssh-copy-id tool, which can be found in the OpenSSH packages. If you want to use this method, you must have password-based SSH access to the account. Enter the following command:

ssh-copy-id usernamehere@remote-host

 

It will display a message that it can’t establish the authenticity of the host. You must type y to continue. It will then attempt to scan your local account and ask for the password of the remote user account. After you type in the password, it will connect to the remote host and copy the contents of the ~/.ssh/id_rsa.pub key into the remote system’s ~/.ssh/authorized_keys.

 

When you see this line, it has successfully uploaded your id_rsa.pub key to the remote account.

 

 

Copy the Public Key with Traditional SSH Method

Another way to copy the public key is via the traditional SSH method. This method also requires you to have password-based SSH access. Run the following command:

cat ~/.ssh/id_rsa.pub | ssh yourusername@remote-host "mkdir -p ~/.ssh && cat >> ~/.ssh/authorized_keys"

 

When you see the message that the authenticity of the host cannot be established, type yes to continue. After you enter the password, the id_rsa.pub key will be copied to ~/.ssh/authorized_keys.

 

 

Manually Copy the Public Key

It is also possible to copy the public key manually if you don’t have password-based SSH access. First, display the key content by entering the command:

cat ~/.ssh/id_rsa.pub

 

Next, you must log in to the control panel via the web console. You can type the following command to create the directory:

mkdir -p ~/.ssh

 

 

Now, take the key content from the id_rsa.pub file and append it to the authorized_keys file with the following command:

echo public_key_string >> ~/.ssh/authorized_keys

 

 

The public_key_string should be replaced with your key content which should start with ssh-rsa AAAA.
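The manual steps above, collected into one function as an added example (it is not part of the original guide). The function name install_pubkey, its arguments and the sample key are constructed for illustration; it also sets the restrictive permissions on ~/.ssh and authorized_keys that OpenSSH expects by default, and rejects a file that is not a single public key line, such as a private key pasted by mistake.

```shell
#!/bin/sh
# Added example: append a public key to authorized_keys safely.
# install_pubkey KEYFILE [HOME_DIR]   (hypothetical name and arguments)
install_pubkey() {
    keyfile=$1; home_dir=${2:-$HOME}
    ssh_dir=$home_dir/.ssh; auth=$ssh_dir/authorized_keys

    # Accept exactly one line shaped like "<type> <base64> [comment]".
    [ -r "$keyfile" ] || { echo "cannot read $keyfile" >&2; return 1; }
    [ "$(grep -c '' "$keyfile")" -eq 1 ] || { echo "expected one key line" >&2; return 1; }
    key=$(cat "$keyfile")
    printf '%s\n' "$key" | grep -Eq \
        '^(ssh-rsa|ssh-ed25519|ecdsa-sha2-nistp(256|384|521)) [A-Za-z0-9+/]+={0,2}( .*)?$' \
        || { echo "not a public key line" >&2; return 1; }

    # Directory 700 and file 600: only the owner may read or write them.
    mkdir -p "$ssh_dir" && chmod 700 "$ssh_dir" || return 1
    touch "$auth" && chmod 600 "$auth" || return 1

    # Compare on "type base64" only, so a changed comment adds no duplicate.
    blob=$(printf '%s\n' "$key" | awk '{print $1 " " $2}')
    if grep -Fq -- "$blob" "$auth"; then
        echo "key already present"
        return 0
    fi
    printf '%s\n' "$key" >> "$auth"
    echo "key added"
}

# Demo in a throwaway directory with a constructed (not real) key.
demo_home=$(mktemp -d)
printf '%s\n' 'ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAAAConstructedSampleNotARealKey user@example' \
    > "$demo_home/id_rsa.pub"
install_pubkey "$demo_home/id_rsa.pub" "$demo_home"
install_pubkey "$demo_home/id_rsa.pub" "$demo_home"
ls -ld "$demo_home/.ssh" "$demo_home/.ssh/authorized_keys"
rm -rf "$demo_home"
```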

 

Disabling the Password-Based Authentication

The third step is to disable password-based authentication, since you have already set up key-based authentication. You can use a simple editor like notepad to edit the configuration file, which is /etc/ssh/sshd_config.

 

In this file, use the search feature to look for the PasswordAuthentication setting and set it to “no”. For the change to take effect, make sure you restart the SSH service by entering the following command:

systemctl restart sshd
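A check for the edit described above, as an added example that is not part of the original guide. The helper names and the sample file are constructed; the check reads only the global part of one file (it does not follow Include lines or evaluate Match blocks) and relies on two sshd_config rules: the first occurrence of a keyword wins, and PasswordAuthentication defaults to yes when absent.

```shell
#!/bin/sh
# effective_sshd_option FILE KEYWORD DEFAULT   (hypothetical helper)
# Prints the value from the global section of FILE: keywords are
# case-insensitive, the first occurrence wins, and everything after the
# first "Match" line is conditional, so it is not counted.
effective_sshd_option() {
    awk -v want="$(printf '%s' "$2" | tr 'A-Z' 'a-z')" -v def="$3" '
        /^[ \t]*(#|$)/ { next }                  # skip comments and blank lines
        { kw = tolower($1) }
        kw == "match"  { exit }                  # stop at the first Match block
        kw == want     { print tolower($2); found = 1; exit }
        END            { if (!found) print def } # keyword absent: default applies
    ' "$1"
}

# True only when password logins are switched off globally.
password_logins_disabled() {
    [ "$(effective_sshd_option "$1" PasswordAuthentication yes)" = "no" ]
}

# Constructed sample: "no" was appended at the end, but an earlier
# "yes" line is still present, so the earlier value stays in force.
cfg=$(mktemp)
cat > "$cfg" <<'EOF'
# constructed sample, not a real server's file
Port 22
PasswordAuthentication yes
PubkeyAuthentication yes
PasswordAuthentication no
EOF
if password_logins_disabled "$cfg"; then
    echo "password logins disabled"
else
    echo "password logins still enabled: $(effective_sshd_option "$cfg" PasswordAuthentication yes)"
fi
rm -f "$cfg"
```

On the server, running sshd -t before systemctl restart sshd checks the file for syntax errors. Keep the current session open until a second, key-based login has succeeded, so a mistake does not lock you out.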

 

How to Access the Remote Host with the SSH Key

When you want to access the SSH server from your configured client system, simply enter the following command and then the passphrase you set earlier.

ssh yourusername@remote-host

 

The first time that you connect to this host, it will state that it does not recognize the host and ask if you want to continue. Simply type yes and press the enter key.

 

You can log in immediately by pressing the enter key if you did not set a passphrase earlier. If you did set a passphrase, you can enter it now.

 

As you can see, you are now logging into your remote system account without using the password of your user account. Before you log in with the new client, make sure you restart the ssh service.

 

 

How to Access the Remote Host from Other Clients

If you want to ssh into the remote system from other clients like CentOS, you will have to create a separate SSH key pair on the client system.

 

You can launch the ssh-keygen by entering the command line:

ssh-keygen

 

You must type a new passphrase and re-enter the same passphrase to confirm it. Once the keypair is generated, you must have the public ssh key copied to the remote server.

 

To show the public key, enter the following command:

cat ~/.ssh/id_rsa.pub

 

Now, open the remote server’s console. Here, you are to set up a new directory called .ssh in the home directory. As a root user, you must execute the following command:

mkdir -p ~/.ssh

 

You must paste the public key into a file called

echo {Your-public-key-contents-here} >> ~/.ssh/authorized_keys

To validate the changes, make sure you restart the ssh service.

 

 

Conclusion

In conclusion, it is not that hard to configure SSH key authentication on a Linux server. With SSH key authentication, you no longer have to use your account password to log in. The reason why people prefer SSH key authentication is that it offers more protection from attacks.
