Ssh is a protocol designed to make network connections between hosts secure. Ssh is a defacto standard for Linux and related operating systems. Ssh encrypts the connection between sides. Ssh gives terminal access between host and server. To get a terminal there need to be an authentication process. The authentication process is generally password-based but there are some caveats for password-based authentication. Brute force attacks can guess the password and give access to the server. To make things more secure key-based authentication can be used. It is far more secure and practical to use in logins or batch operations.

Creating Key Pairs

We will create key pairs. We may ask yourself why pair. Isn’t 1 key enough? In Asymmetric cryptography key pairs where each if different is used to complete each other. One key is named public which is known by the public. One key is named private and only known by the owner.

$ ssh-keygen -t rsa

During the RSA public and private key generation, we will be asked some questions like below. We can answer them all skip all of them just with Enter key.

• “Enter file in which to save the key (/home/ismail/.ssh/id_rsa):” question is used to specify the RSA key pair which name is `id_rsa` by default and the path where the current user home path under the `.ssh` directory.
• “Overwrite y/n ?” will be asked if there is already a key with the specified path and name and accept to overwrite. If we will not use the old RSA key we can overwrite with “y” answer.
• “Enter passphrase (empty for no passphrase)” question is used to protect created public and private key with encryption where we have to specify a passphrase
• “Enter passphrase” line is used to check previously entered passphrase to prevent mistakes

We have created a key pair based RSA algorithm. Our key pairs are 2048 bit. So it is more secure as long as the longer key size. We can protect our key pair with passphrase but it is not practical for most situations. Our key pair is located by default users’ home directories .ssh file. Keep in mind that while working with ssh configuration we need root privileges. The best way to get root privileges uses the following command.

$ sudo su

Adding User SSH Key to Remote Server

Now we have a key to use. We will use ssh-copy-id command where we specify the user we want to copy the key and the server hostname or IP address. In this example, we will copy already created an SSH key for the user ismail in the 192.168.142.150.

$ ssh-copy-id ismail@192.168.142.150

We can see that during the SSH key deployment some information is printed to the screen like source key which will be installed to the remote system. How many keys remained for installation? and at the end of the installation, the “Number of keys added” which is one in this case. Then the SSH command to login passwordless to the remote system with the specified user is printed where we can check like below.

$ ssh ismail@192.168.142.150

Disable Password-Based Authentication for SSH Configuration

After completing these steps we can disable password-based authentication for ssh server.

$ vim /etc/ssh/sshd_config

Open sshd_config file and change PasswordAuthentication and PermitRootLogin line like below

PasswordAuthentication no
PermitRootLogin without-password

Apply SSH Server Configuration

Then restart SSH server to load with the new configuration.

$ sudo systemctl restart ssh

Check SSH Server Status

Check if the SSH is working with the systemctl command like below. We will see that the SSH is working properly in the Active line with a green color. If there is an error you can revert back to the original configuration and restart the SSH service again which is described previously.

$ systemctl status ssh

 

How To Create and Setup SSH Keys For Passwordless and Public Key Based Authentication In Linux? Infographic