How to Setup SSH Login With Public Key Authentication
If you’re using SSH to connect to remote servers, public key authentication is a security best practice. Unlike password-based logins, key-based authentication is not vulnerable to brute-force attacks.
Using a key to authenticate a connection is a convenient way to log into Rad Web Hosting servers from within scripts or automation tools without having to enter a password.
1. Create a Key Pair
Public Key Authentication uses a key pair (private key and public key) for authentication. This key pair can be generated on the client machine or downloaded from the server that has SSH installed.
The private key is always kept with the user, while the public key is sent to the server and used for authenticating users. Any compromise of the private key will allow an attacker to log into any SSH server configured with the corresponding public key.
In addition, the key can be encrypted on disk using a passphrase. This protects the private key from being copied to other systems without additional authentication.
To create a key pair, use the ssh-keygen utility or a command-line tool. If ssh-keygen is not available, it can be found in the OpenSSH package on many Linux and macOS machines.
ssh-keygen -t rsa -b 4096
The keys will be created at the /user_directory/.ssh/directory, the default name is id_rsa.
If you want to name the key use the -f option, use the -C option to customize the key comment:
ssh-keygen -t rsa -b 4096 -f ~/.ssh/key_name -C "$(whoami)@$(hostname)_$(date -I)"
2. Upload the key to the server
Public key authentication can be used to allow for passwordless SSH logins. It uses asymmetric cryptography to authenticate users through signature verification with a private key and a public key.
To enable public key authentication, copy the public key to the server’s authorized_keys file. This file is in the /.ssh/ directory of the user you’re connecting to.
Once you have copied the public key to the authorized_keys file, you can configure your SSH client to use this key. This is useful if you want to log in to multiple remote servers with only one key and do not wish to have to type your SSH password each time.
Note that this process works best when the private key is kept secret, and you’re not sharing your home computer with other people. If you are, however, you may choose to encrypt your private key using a passphrase.
ssh-copy-id -i ~/.ssh/key_name.pub -p 22 user_name@remote_host
3. Create an authorized_keys file
If you have created a public key pair, the next step is to add it to the authorized_keys file. This file is used to allow you to log into a remote host without asking for a password.
The authorized_keys file is a text file that lists the public keys that are allowed to connect to a server with SSH. This file is read into the environment at login and is checked by the SSH daemon on the server to determine if a user has access to the keys.
The public key is usually kept on the computer of the user logging in, and its private key is stored on the remote system that the user will be logging in to. A user can use both the public and private keys for authentication, which makes the process more secure than a simple password.
cat ~/.ssh/key_name.pub | ssh -p 22 user_name@remote_host "mkdir -p .ssh; cat >> ~/.ssh/authorized_keys"
4. Authenticate
Public key Authentication uses a pair of cryptographically secure keys to authenticate clients. Each user has a unique set of public and private keys.
In this way, a server can protect against brute-force attacks. For instance, when a user attempts to login via SSH with a password, the system challenges the user with the public key, which is stored in a file on the server.
The public key is then compared with the private key stored on the client. If they match, the authentication is successful.
This method is much more secure than a regular password login. It is also much faster and easier to use.
After the public key has been added to the remote host include the private key by adding the option -i to the ssh connection command:
ssh -p 22 -i ~/.ssh/key_name user_name@remote_host
[…] leverage advanced encryption techniques, such as Secure Shell (SSH) keys, to ensure a fortified barrier against unauthorized access or cyber threats, offering a shield of […]
[…] server’s IP address and a secure method of accessing it (SSH keys are […]
[…] automate SSH login, you can use SSH key-based authentication instead of passwords. This allows you to log in to your Rocky Linux VPS without needing to enter […]