If you decide to set up ssh key authentication on the server, the first thing to do is to generate secret and public RSA keys.

    Once generated, the public key is copied to the server and the secret key remains stored on the local computer.

    To generate key pairs run the command:

    ssh-keygen -t rsa -b 2048  

    The program prompts you to specify the directory where the key files will be saved and asks you to enter a secret phrase

    Press Enter to use the default settings, then the program will save the keys to the directory .ssh in the user's home directory

    To go to the directory with the keys, run the command:

    cd ~/.ssh  

    There will be two files in the directory:

    • id_rsa - secret key

    • id_rsa.pub - public key

    Copy the secret key file to a safe place and transfer the public key to the server.

    Enter the generated public key into the authorized keys of the server. To do that, copy the contents of id_rsa.pub to the end of the file authorized_keys:

    cat id_rsa.pub >> ~/.ssh/authorized_keys  

    Set up ssh authorization by key in the OpenSSH server config:

    nano /etc/ssh/sshd_config  

    Match the current settings with the parameters below:

    PubkeyAuthentication yes  
    AuthorizedKeysFile %h/.ssh/authorized_keys  
    RhostsRSAAuthentication no  
    HostbasedAuthentication no  
    PermitEmptyPasswords no  

    To disable password login, change the value of the parameter:

    UseLogin no  

    Set permissions:

    chmod 700 ~/.ssh/  
    chmod 600 ~/.ssh/authorized_keys  

    Next, restart the ssh server.

    service sshd restart  

    This completes the server setup.

    Setting up ssh authorization by key in Linux

    For ssh key authorization in Linux, create a file ~/.ssh/config and copy the lines below into it. Then specify the server address and the location of the secret key file by analogy.

    Host server.net  
    IdentityFile ~/.ssh/keys/id_rsa  

    Set permissions on the file:

    chmod 600 ~/.ssh/config  

    To login to the server using SSH authorization by key, run the command:

    ssh [email protected]  

    If you want to manually specify the location of the key, run the command:

    ssh -i ~/.ssh/id_rsa [email protected]