SSH (Secure Shell) is a secure protocol for communicating with a remote server over a network that is not secure. It uses public key pairs, called SSH keys, to carry out authentication. SSH keys are a newer alternative to .rhosts authentication. The following is a guide on how to configure SSH key-based authentication on a Linux server.
Generate a New SSH Key Pair
Firstly, you’ll need to use ssh-keygen to create a new SSH key pair. The key pair is used for authentication purposes, for example, logging in and host validation. To launch the keygen, open the terminal and enter the following command line:
ssh-keygen -t rsa -b 4096 -C "your-email-here@example.com"
It will show the status that the public/private rsa key pair is in the process of being generated. Next, it prompts you to enter a new directory location for saving the SSH key pair. If you skip this step, it will store the keys in the ~/.ssh directory. The benefit of saving the keys in the default location is that your SSH client can locate them easily. It will then prompt for a passphrase. You can leave the field empty if you don’t want to use a passphrase. If you do enter a passphrase, make sure you write it down somewhere as you’ll have to use it later. After entering the passphrase twice, it will generate a 2048 bit RSA key pair. For those who already have a key pair, you can just type y to overwrite it.
Copying the Public Key with SSH-Copy-ID
The second step is to copy the public key to the remote SSH server. The most convenient method is to use the ssh-copy-id tool, which can be found in the OpenSSH packages. If you want to use this method, you must have a password-based SSH access account. Now, enter the command:
ssh-copy-id usernamehere@remote-host
It will display a message that it can’t establish the authenticity of the host. You must type y to continue. It will then attempt to scan your local account and ask for the password of the remote user account. After you type in the password, it will connect to the remote host and copy the contents of the ~/.ssh/id_rsa.pub key into the remote system’s ~/.ssh/authorized_keys. When you see this line, it has successfully uploaded your id_rsa.pub key to the remote account.
Copy the Public Key with Traditional SSH Method
Another way to copy the public key is via the traditional SSH method. This method also requires you to have password-based SSH access. You must paste the following command:
cat ~/.ssh/id_rsa.pub | ssh yourusername@remote-host "mkdir -p ~/.ssh && cat >> ~/.ssh/authorized_keys"
When you see the message that the authenticity of the host cannot be established, type yes to continue. After entering the password, the id_rsa.pub key will be copied to ~/.ssh/authorized_keys.
Manually Copy the Public Key
It is also possible to copy the public key manually if you don’t have password-based SSH access. You must first display the key content by entering the command line:
cat ~/.ssh/id_rsa.pub
Next, you must log in to the control panel via the web console. You can type the following command to create the directory:
mkdir -p ~/.ssh
Now, you must go to the id_rsa.pub file and look for the following string:
echo public_key_string >> ~/.ssh/authorized_keys
The public_key_string should be replaced with your key content, which should start with ssh-rsa AAAA.
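The manual steps above leave directory and file permissions at their defaults and append the key again on every run. The following shell function is an added example, not part of the original guide: it checks that the file holds a single public key line, sets the modes sshd expects, and appends the key only if it is not already present. The name install_pubkey and its optional second argument are hypothetical.

```shell
# install_pubkey KEYFILE [HOME_DIR]   (HOME_DIR defaults to $HOME)
install_pubkey() {
    keyfile=$1
    home_dir=${2:-$HOME}
    ssh_dir=$home_dir/.ssh
    auth=$ssh_dir/authorized_keys

    [ -r "$keyfile" ] || { echo "cannot read $keyfile" >&2; return 1; }
    # A public key file is exactly one line; a private key is many.
    [ "$(grep -c '' "$keyfile")" -eq 1 ] || {
        echo "expected a single key line in $keyfile" >&2; return 1; }
    key=$(cat "$keyfile")
    case $key in
        ssh-rsa\ AAAA*|ssh-ed25519\ AAAA*|ecdsa-sha2-*\ AAAA*) ;;
        *) echo "not an OpenSSH public key: $keyfile" >&2; return 1 ;;
    esac

    # With StrictModes (the sshd default), keys are ignored when the
    # directory or file is writable by anyone other than the owner.
    mkdir -p "$ssh_dir" && chmod 700 "$ssh_dir" || return 1
    touch "$auth" && chmod 600 "$auth" || return 1

    # Match on "type base64" only, so a different comment field or an
    # options prefix on an existing entry does not cause a duplicate.
    blob=$(printf '%s\n' "$key" | awk '{print $1 " " $2}')
    if grep -qF -- "$blob" "$auth"; then
        return 0
    fi
    printf '%s\n' "$key" >> "$auth"
}

# Usage on the remote account, after saving the pasted key to a file:
#   install_pubkey /tmp/id_rsa.pub
```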
Disabling Password-Based Authentication
The third step is to disable password-based authentication, since you have already set up key-based authentication. You can use a simple editor like notepad to edit the configuration file, which is /etc/ssh/sshd_config. In this file, you must use the search feature to look for password authentication and set it to “No”. For the change to take effect, make sure you restart the ssh service by entering the following command line:
systemctl restart sshd
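A common mistake in this step is editing a line that is still commented out, or adding a second PasswordAuthentication line below an earlier one; sshd uses the first value it reads for each keyword, and the default is yes. The following check is an added example, not part of the original guide: it reports the value from the global section of a config file and does not follow Include files or Match blocks. The function name effective_password_auth and the sample config are constructed for illustration.

```shell
# effective_password_auth FILE  -> prints the value sshd would take from
# the global section of FILE (first occurrence wins, default "yes").
effective_password_auth() {
    awk '
        /^[[:space:]]*(#|$)/ { next }            # skip comments and blanks
        tolower($1) == "match" { exit }          # Match blocks are out of scope
        tolower($1) == "passwordauthentication" {
            print $2; found = 1; exit            # first occurrence wins
        }
        END { if (!found) print "yes" }          # sshd default
    ' "$1"
}

# Constructed sample: the "no" line was left commented out, and the
# intended "no" was added below an existing "yes".
sample=$(mktemp)
cat > "$sample" <<'EOF'
Port 22
#PasswordAuthentication no
PasswordAuthentication yes
PasswordAuthentication no
EOF
echo "effective PasswordAuthentication: $(effective_password_auth "$sample")"
rm -f "$sample"
```

On the server itself, sshd -t checks the edited file for syntax errors before the restart, and sshd -T prints the effective configuration including Include files.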
How to Access the Remote Host with the SSH Key
When you want to access the remote host over SSH from your configured client system, simply paste the following command and enter the passphrase you set just now.
ssh yourusername@remote-host
The first time you connect to this host, it will state that it does not recognize the connection and ask if you want to continue. Simply type yes to continue and press the enter key. You can log in immediately by pressing the enter key if you did not set a passphrase just now. If you did set a passphrase, you can enter it now. As you can see, you are now logging into your remote system account without using the passphrase of your user account. Before you log in with the new client, make sure you restart the ssh service.
How to Access the Remote Host from Other Clients
If you want to ssh into the remote system from other clients like CentOS, you will have to create a separate SSH key pair on the client system. You can launch ssh-keygen by entering the command line:
ssh-keygen
You must type a new passphrase and re-enter the same passphrase to confirm it. Once the key pair is generated, you must have the public ssh key copied to the remote server. To show the public key, you must enter the following command:
cat ~/.ssh/id_rsa.pub
Now, you must open the remote server’s console. Here, you are to set up a new directory called ssh in the home directory. As a root user, you must execute the following command:
mkdir -p ~/.ssh
You must paste the public key into a file called
echo {Your-public-key-contents-here} >> ~/.ssh/authorized_keys
To validate the changes, make sure you restart the ssh service.