Setting up SSH Server for Public/Private keys based Authentication (Password-less login)

Last updated on March 12th, 2018 at 09:01 pm

SSH  is a protocol to communicate a server with client in an encrypted manner. It has replaced telnet protocol, which was not at all secure at all. Almost the Linux system admins know about it because they use it to connect to Linux servers as the physical access to server is very limited.

SSH is installed by default on most of the Linux distribution. & to access a server through ssh is very easy, you use following command

$ ssh {Server IP address or FQDN}

and then you enter the credentials. But in this tutorial we will learn to access ssh session securely with the help of Public/Private keys authentication aka password-less ssh sessions. Advantages of using Public/Private keys authentication are

  • You won’t be asked for password everytime you access server (unless you are using a passphrase to decrypt the keys)
  • No-one can gain unauthorized access to your server unless they have the right key .

Now let’s  create Public/Private keys to access our servers.

Creating keys on Local machine

Remember this, keys are to be created on each host that you wish to gain access from. So if there are 10-20 hosts from where you want to access a server, we must create keys on all those 10-20 servers.

To create keys, run the following command

$ ssh-keygen –t rsa

It will then ask you to select a location for the generated keys. By default, the keys will be stored in the ~/.ssh which is a hidden directory in your home folder (/home/dan/.ssh). The private key will be called id_rsa and the associated public key will be called id_rsa.pub.

It will also ask you to enter a passphrase, which is used to decrypt the keys. If you don’t wish to use any pass-phrase just leave it empty & press enter or else provide a pass-phrase.

Next, set permissions on your private keys,

$ chmod 700 ~/.ssh
$ chmod 600 ~/.ssh/id_rsa

 

Configuration on Server

Now copy the Public key (id_rsa.pub) & move it to server at /home/user/.ssh/authorized_keys folder. Now that the public keys have imported to server, remove them from local machine.

Next, we will also have to set permissions on the server as well

$ chmod 700 ~/.ssh
$ chmod 600 ~/.ssh/authorized_keys

All the settings for Public/Private keys authentication is now complete.

 

Testing the Public/Private keys authentication  

Now log back into the local machine to access server & enter

$ ssh {Server IP address or FQDN}

& hit enter. You will notice that you won’t be asked for the credentials & are logged directly into the server.

Once you have tested your Public/Private keys authentication, you can also disable use of password authentication so that everyone uses only keys to access the server. Thus making your servers more secure. To disable password authentication , open /etc/sshd/sshd_config & change the following parameter

PasswordAuthentication no

That’s it, our Public/Private keys authentication setup is now complete. I also recommend to read  “Ultimate Guide to Securing SSH Sessions” to implement some other measure to secure your servers.

 

If you have any comments/queries, please mention them in the comment box down below.

ADIOS !!!

If you think we have helped you or just want to support us, please consider these :-

Connect to us: Facebook | Twitter | Google Plus

Become a Supporter – Donate us some of you hard earned money:

Linux TechLab is thankful for your continued support.

Shusain

Passionate about Linux & open source. Loves to learn, read & write about Linux as well as new technologies.

You may also like...

Leave a Reply