Setting up SSH Server for Public/Private keys based Authentication (Password-less login)
SSH is a protocol for encrypted communication between a client and a server. It has replaced the telnet protocol, which was not secure at all. Almost all Linux system admins know about it because they use it to connect to Linux servers, as physical access to the servers is very limited.
SSH is installed by default on most Linux distributions, and accessing a server through ssh is very easy. You use the following command
and then you enter the credentials. But in this tutorial we will learn to access an SSH session securely with the help of public/private key authentication, also known as password-less SSH sessions. The advantages of using public/private key authentication are:
- You won’t be asked for a password every time you access the server (unless you are using a passphrase to decrypt the keys)
- No one can gain unauthorized access to your server unless they have the right key.
Now let’s create Public/Private keys to access our servers.
Creating keys on Local machine
Remember that keys have to be created on each host that you wish to gain access from. So if there are 10-20 hosts from which you want to access a server, you must create keys on all of those 10-20 hosts.
To create keys, run the following command
It will then ask you to select a location for the generated keys. By default, the keys will be stored in ~/.ssh, which is a hidden directory in your home folder (/home/dan/.ssh). The private key will be called id_rsa and the associated public key will be called id_rsa.pub.
It will also ask you to enter a passphrase, which is used to decrypt the keys. If you don’t wish to use a passphrase, just leave it empty and press Enter; otherwise, provide a passphrase.
Next, set permissions on your private keys,
Configuration on Server
Now copy the public key (id_rsa.pub) and move it to the server, into the /home/user/.ssh/authorized_keys file. Now that the public key has been imported to the server, remove it from the local machine.
Next, we also have to set permissions on the server
All the settings for public/private key authentication are now complete.
Testing the Public/Private keys authentication
Now log back into the local machine to access the server and enter
and hit Enter. You will notice that you are not asked for credentials and are logged directly into the server.
Once you have tested your public/private key authentication, you can also disable password authentication so that everyone uses only keys to access the server, which makes your servers more secure. To disable password authentication, open /etc/ssh/sshd_config and change the following parameter
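The server-side steps above, as an added example that is not part of the original tutorial: install a public key into authorized_keys exactly once, apply restrictive permissions, and check whether password logins are switched off. The function names are hypothetical, the 700/600 modes are the conventional values (assumed here), and PasswordAuthentication is assumed to be the parameter meant above.

```shell
#!/bin/sh
# Added example. All paths are passed in by the caller, so the functions can be
# exercised against a scratch directory before touching a real account.

# install_pubkey HOME_DIR PUBKEY_FILE
# Append the public key to HOME_DIR/.ssh/authorized_keys (a file, not a
# directory) only if it is not already there, then lock down permissions.
install_pubkey() {
    home_dir=$1
    pubkey_file=$2
    ssh_dir="$home_dir/.ssh"
    auth="$ssh_dir/authorized_keys"

    # A private key must never be copied to the server.
    if grep -q 'PRIVATE KEY' "$pubkey_file"; then
        echo "refusing: $pubkey_file looks like a private key" >&2
        return 1
    fi
    mkdir -p "$ssh_dir" && chmod 700 "$ssh_dir" || return 1
    touch "$auth" && chmod 600 "$auth" || return 1

    # Idempotent append: compare the whole line as a fixed string.
    key=$(head -n 1 "$pubkey_file")
    grep -qxF -- "$key" "$auth" || printf '%s\n' "$key" >> "$auth"
}

# audit_ssh_perms HOME_DIR
# Succeeds only if .ssh is 700 and authorized_keys is 600. With StrictModes
# enabled, sshd ignores key files that other users could write to.
audit_ssh_perms() {
    [ "$(stat -c '%a' "$1/.ssh")" = 700 ] &&
    [ "$(stat -c '%a' "$1/.ssh/authorized_keys")" = 600 ]
}

# password_auth_disabled SSHD_CONFIG
# sshd uses the first value it reads for a keyword, and commented lines do not
# count. A missing directive means the default applies, so it is not "disabled".
password_auth_disabled() {
    value=$(awk 'tolower($1) == "passwordauthentication" { print tolower($2); exit }' "$1")
    [ "$value" = no ]
}
```

On a live server, `sshd -T` prints the effective configuration, which also accounts for Include files and Match blocks that this simple check does not follow.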
That’s it, our public/private key authentication setup is now complete. I also recommend reading “Ultimate Guide to Securing SSH Sessions” to implement some other measures to secure your servers.