SSH key-based authentication

From rdkwiki

Intro

The steps below secure SSH access to your server with key-based authentication. They assume you are logged on as the user that you want to allow access.

Generate the private and public key

  • ssh-keygen -t rsa --> generate the private/public key pair (it will ask for a location and an optional passphrase)

By default it will generate two files in the folder ~/.ssh/:

id_rsa with the private key
id_rsa.pub with the public key

Publishing the public key for access

  • cd ~/.ssh --> go to the folder containing the generated keys
  • cat id_rsa.pub --> copy the public key from the screen!
  • nano ~/.ssh/authorized_keys --> paste the public key and save the file.
  • copy the private key from id_rsa to your local system and keep it safe! (For PuTTY access you might need to convert it with puttygen.exe to make the file compatible)

Securing SSH (after public/private key implementation)

  • nano /etc/ssh/sshd_config
      change/uncomment: PermitRootLogin no --> (optional) this will prevent 'root' from logging in with SSH.
      change/uncomment: PasswordAuthentication no --> this will force key authentication
  • systemctl restart sshd --> restart SSH with the new configuration
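
A check to run between editing sshd_config and restarting sshd, so a missed "uncomment" or an unusable authorized_keys file does not lock you out. This is an added example, not part of the original page; the function names and the sample files are constructed for illustration, and it assumes plain "Keyword value" lines without evaluating Include files or Match blocks.

```shell
#!/bin/sh
# Added example, not from the original page. Sample files are constructed.

# effective_value FILE KEYWORD
# Print the value sshd would take for KEYWORD from one config file: keywords are
# case-insensitive, commented lines have no effect, the first occurrence wins.
# Assumption: "Keyword value" syntax; Include and Match are not evaluated.
effective_value() {
    awk -v key="$2" '
        $1 ~ /^#/                   { next }   # still commented out
        tolower($1) == "match"      { exit }   # global section ends here
        tolower($1) == tolower(key) { print tolower($2); exit }
    ' "$1"
}

# key_file_ok FILE
# Succeed only if FILE is non-empty and not writable by group or others
# (with StrictModes, the sshd default, such a file is not used).
key_file_ok() {
    [ -s "$1" ] || return 1
    [ -z "$(find "$1" \( -perm -020 -o -perm -002 \))" ]
}

# audit CONFIG AUTHORIZED_KEYS
# Print one finding per line; return non-zero if the restart should wait.
audit() {
    rc=0
    key_file_ok "$2" ||
        { echo "authorized_keys is missing, empty, or writable by group/others"; rc=1; }
    [ "$(effective_value "$1" PasswordAuthentication)" = "no" ] ||
        { echo "PasswordAuthentication is not effectively 'no'"; rc=1; }
    return "$rc"
}

# Demo on constructed files: the "no" line was appended below an existing "yes".
demo=$(mktemp -d)
printf '%s\n' '#PasswordAuthentication no' 'PermitRootLogin no' \
    'PasswordAuthentication yes' 'PasswordAuthentication no' > "$demo/sshd_config"
printf '%s\n' 'ssh-rsa AAAAconstructedkey user@example' > "$demo/authorized_keys"
chmod 600 "$demo/authorized_keys"
audit "$demo/sshd_config" "$demo/authorized_keys" ||
    echo "fix the findings before restarting sshd"
rm -rf "$demo"
```

On a real server, call audit with /etc/ssh/sshd_config and ~/.ssh/authorized_keys, and keep your current session open until a key-based login from a second session has succeeded.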