If you decide to set up ssh key authentication on the server, the first thing to do is to generate secret and public RSA keys.

Once generated, the public key is copied to the server and the secret key remains stored on the local computer.

To generate a key pair, run the command:

ssh-keygen -t rsa -b 2048  

The program prompts you to specify the directory where the key files will be saved and asks you to enter a passphrase.

Press Enter to use the default settings; the program will then save the keys to the directory .ssh in the user's home directory.

To go to the directory with the keys, run the command:

cd ~/.ssh  

There will be two files in the directory:

  • id_rsa - secret key

  • id_rsa.pub - public key

Copy the secret key file to a safe place and transfer the public key to the server.

Add the generated public key to the server's authorized keys. To do that, on the server, append the contents of id_rsa.pub to the end of the file authorized_keys:

cat id_rsa.pub >> ~/.ssh/authorized_keys  

Set up ssh authorization by key in the OpenSSH server config:

nano /etc/ssh/sshd_config  

Make sure the current settings match the parameters below:

PubkeyAuthentication yes  
AuthorizedKeysFile %h/.ssh/authorized_keys  
RhostsRSAAuthentication no  
HostbasedAuthentication no  
PermitEmptyPasswords no  

To disable password login, change the value of the parameter:

PasswordAuthentication no  

Set permissions:

chmod 700 ~/.ssh/  
chmod 600 ~/.ssh/authorized_keys  

Next, restart the ssh server.

service sshd restart  

This completes the server setup.
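
The settings and permissions above can be checked in one pass before relying on them. The script below is an added example, not part of the original guide: the function names are hypothetical, and PasswordAuthentication is included because it is the OpenSSH option that controls password logins.

```sh
#!/bin/sh
# Added example: audit an sshd_config file and the .ssh permissions.

# Print the effective value of keyword $2 in config file $1.
# sshd uses the first occurrence of a keyword; keywords are case-insensitive.
# Assumption: only global settings matter, so parsing stops at the first
# Match block, and keyword and value are separated by whitespace.
sshd_value() {
    awk -v key="$2" '
        /^[ \t]*#/ { next }
        tolower($1) == "match" { exit }
        tolower($1) == tolower(key) { print tolower($2); exit }
    ' "$1"
}

# Compare config file $1 against the values used in this guide.
# An unset keyword counts as a difference, because the guide sets each
# one explicitly. Returns the number of differing settings.
audit_sshd_config() {
    bad=0
    for pair in PubkeyAuthentication=yes PasswordAuthentication=no \
                HostbasedAuthentication=no PermitEmptyPasswords=no; do
        key=${pair%%=*}
        want=${pair#*=}
        got=$(sshd_value "$1" "$key")
        if [ "$got" != "$want" ]; then
            echo "FAIL $key: want '$want', found '${got:-unset}'"
            bad=$((bad + 1))
        fi
    done
    return "$bad"
}

# Succeed only if path $1 has exactly the octal mode $2.
has_mode() {
    [ -n "$(find "$1" -prune -perm "$2" 2>/dev/null)" ]
}

# Check the modes set with chmod: 700 on the .ssh directory ($1)
# and 600 on its authorized_keys file. Returns the number of failures.
audit_ssh_dir() {
    bad=0
    has_mode "$1" 700 || { echo "FAIL $1: mode is not 700"; bad=$((bad + 1)); }
    has_mode "$1/authorized_keys" 600 ||
        { echo "FAIL $1/authorized_keys: mode is not 600"; bad=$((bad + 1)); }
    return "$bad"
}
```

On the server, call `audit_sshd_config /etc/ssh/sshd_config` and `audit_ssh_dir ~/.ssh`; `sshd -t` additionally checks the file for syntax errors. Keeping the current session open until a key login succeeds in a second terminal avoids a lockout.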

Setting up ssh authorization by key in Linux

For ssh key authorization in Linux, create a file ~/.ssh/config and copy the lines below into it, replacing the server address and the location of the secret key file with your own.

Host server.net  
IdentityFile ~/.ssh/keys/id_rsa  

Set permissions on the file:

chmod 600 ~/.ssh/config  

To log in to the server using SSH authorization by key, run the command:

ssh user@server.net  

If you want to manually specify the location of the key, run the command:

ssh -i ~/.ssh/id_rsa user@server.net  
Updated Feb. 11, 2019