If you decide to set up ssh key authentication on the server, the first thing to do is to generate secret and public RSA keys.
Once generated, the public key is copied to the server and the secret key remains stored on the local computer.
To generate key pairs run the command:
ssh-keygen -t rsa -b 2048
The program prompts you to specify the directory where the key files will be saved and asks you to enter a secret phrase (passphrase).
Press Enter to use the default settings; the program will then save the keys to the .ssh directory in the user's home directory.
To go to the directory with the keys, run the command:
cd ~/.ssh
There will be two files in the directory:
- id_rsa - secret key
- id_rsa.pub - public key
Copy the secret key file to a safe place and transfer the public key to the server.
Enter the generated public key into the authorized keys of the server. To do that, copy the contents of id_rsa.pub to the end of the file authorized_keys:
cat id_rsa.pub >> ~/.ssh/authorized_keys
Set up ssh authorization by key in the OpenSSH server config:
nano /etc/ssh/sshd_config
Match the current settings with the parameters below:
PubkeyAuthentication yes
AuthorizedKeysFile %h/.ssh/authorized_keys
RhostsRSAAuthentication no
HostbasedAuthentication no
PermitEmptyPasswords no
To disable password login, change the value of the parameter:
PasswordAuthentication no
Set permissions:
chmod 700 ~/.ssh/
chmod 600 ~/.ssh/authorized_keys
Next, restart the ssh server.
service sshd restart
This completes the server setup.
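The following check is an added example, not part of the original guide: it audits a config file and the ~/.ssh permissions against the settings above. It also checks PasswordAuthentication, the sshd_config directive that controls password login; the function names and the sample config are constructed for illustration.

```bash
# Added example (not from the original guide). Include files are not
# followed; `sshd -T` prints the configuration the daemon actually resolves.

# Print the effective global value of KEYWORD. sshd uses the first occurrence
# of a keyword, keywords are case-insensitive, "Keyword=value" is allowed,
# and lines after a "Match" line are conditional, so parsing stops there.
effective_value() {  # usage: effective_value FILE KEYWORD DEFAULT
  awk -F'[ \t=]+' -v want="$2" -v def="$3" '
    { sub(/^[ \t]+/, "") }
    /^#/ || $0 == ""             { next }
    tolower($1) == "match"       { exit }
    tolower($1) == tolower(want) { print tolower($2); found = 1; exit }
    END { if (!found) print def }' "$1"
}

# Return the number of settings that differ from the hardened values.
# Table columns: keyword, wanted value, OpenSSH default when unset.
audit_sshd_config() {  # usage: audit_sshd_config FILE
  local fails=0 key want def got
  while read -r key want def; do
    got=$(effective_value "$1" "$key" "$def")
    [ "$got" = "$want" ] && continue
    echo "FAIL: $key is '$got', expected '$want'"
    fails=$((fails + 1))
  done <<'EOF'
PubkeyAuthentication yes yes
PasswordAuthentication no yes
PermitEmptyPasswords no no
HostbasedAuthentication no no
EOF
  return "$fails"
}

# Return the number of permission findings: the directory must be mode 700
# and authorized_keys mode 600, as set with chmod in the steps above.
audit_perms() {  # usage: audit_perms SSH_DIR
  local fails=0
  [ -n "$(find "$1" -prune -perm 700 2>/dev/null)" ] ||
    { echo "FAIL: $1 is not mode 700"; fails=$((fails + 1)); }
  [ -n "$(find "$1/authorized_keys" -prune -perm 600 2>/dev/null)" ] ||
    { echo "FAIL: authorized_keys is not mode 600"; fails=$((fails + 1)); }
  return "$fails"
}

# Constructed sample: password login still enabled, keyword in lower case.
demo=$(mktemp -d)
printf '%s\n' '# sample' 'PubkeyAuthentication yes' \
  'passwordauthentication yes' 'PermitEmptyPasswords no' > "$demo/sshd_config"
audit_sshd_config "$demo/sshd_config" || echo "config findings: $?"
```

On a real host, run audit_sshd_config /etc/ssh/sshd_config and audit_perms ~/.ssh, and check the syntax with sshd -t before restarting the service.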
Setting up ssh authorization by key in Linux
For ssh key authorization in Linux, create a file ~/.ssh/config and copy the lines below into it. Then replace the server address and the location of the secret key file with your own values.
Host server.net
IdentityFile ~/.ssh/keys/id_rsa
Set permissions on the file:
chmod 600 ~/.ssh/config
To log in to the server using SSH authorization by key, run the command:
ssh user@server.net
If you want to manually specify the location of the key, run the command:
ssh -i ~/.ssh/id_rsa user@server.net