How to set up SSH keys on Linux
To set up keys for SSH, first you will need to generate an RSA key pair for your personal use. Then copy the public key to the authorized_keys file on the server, and set your SSH client (e.g. PuTTY) to use the private key in order to log in instead of a password. Lastly, you can disable password authentication. This is how you do it.
Creating an RSA key pair
For Windows, I suggest following this guide: Using PuTTYGen on Windows
Otherwise, you can use the following command:
ssh-keygen -t rsa
This command prompts you for where to save the key file; the default is ~/.ssh/id_rsa in your home directory, which is fine. If a key already exists there and you're not using it, replace it when prompted.
Enter passphrase (empty for no passphrase):
Enter a passphrase. You will type it every time you connect with SSH in the future, so you might want to make it easy to remember, but still strong.
Setting up SSH to use the key pair
By default, SSH uses the ~/.ssh/authorized_keys file (~/ being your user's home directory). You can either manually copy and paste the public key into this file on the server, or use something like this:
cat ~/.ssh/id_rsa.pub | ssh user@server "mkdir -p ~/.ssh && cat >> ~/.ssh/authorized_keys"
Run from your own machine, with user@server replaced by your login and server address, this appends id_rsa.pub (the public key that was generated) to the authorized_keys file on the server.
You may need to set permissions on the directory and the created file for it to work successfully.
chmod 0700 ~/.ssh
chmod 0600 ~/.ssh/authorized_keys
Next, modify /etc/ssh/sshd_config so that it uses the keys, if it doesn't already.
# RSAAuthentication is an SSH protocol 1 option; recent OpenSSH releases treat it as deprecated
RSAAuthentication yes
PubkeyAuthentication yes
AuthorizedKeysFile %h/.ssh/authorized_keys
Finally, restart the SSH daemon.
# Ubuntu / Debian:
sudo systemctl restart ssh
# -or- most others:
sudo systemctl restart sshd
And test connecting to SSH with the private key instead of a password.
If it works, disable password authentication for security by editing /etc/ssh/sshd_config.
I also suggest denying root access, after creating a non-root sudo user.
PasswordAuthentication no
PermitRootLogin no
And restart SSH again as mentioned above. You should be good to go!
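A way to check the result of the steps above before closing your working session, as an added example that is not part of the original guide. The function names and the file name audit.sh are made up here, and the defaults used for absent keywords (PubkeyAuthentication yes, PasswordAuthentication yes, PermitRootLogin prohibit-password) assume a current OpenSSH.

```bash
#!/usr/bin/env bash
# Added example: audit the files and settings this guide changes.
# Assumption: a flat config. Include files and Match blocks are not followed.

# Print the value sshd would use for KEYWORD: the first occurrence wins.
sshd_value() {  # usage: sshd_value FILE KEYWORD
    awk -v k="$(printf '%s' "$2" | tr 'A-Z' 'a-z')" '
        /^[[:space:]]*#/ { next }
        tolower($1) == k { print tolower($2); exit }
    ' "$1"
}

# Compare a keyword with the value the guide sets. DEFAULT is the OpenSSH
# default that applies when the keyword is absent from the file.
check_kw() {  # usage: check_kw FILE KEYWORD WANT DEFAULT
    local got
    got=$(sshd_value "$1" "$2")
    got=${got:-$4}
    if [ "$got" = "$3" ]; then
        echo "ok   $2 $got"
    else
        echo "FAIL $2 is '$got', expected '$3'"
        return 1
    fi
}

# Compare a path's octal mode with the chmod value from the guide.
check_mode() {  # usage: check_mode PATH MODE
    local mode
    mode=$(stat -c '%a' "$1" 2>/dev/null) || { echo "FAIL $1 missing"; return 1; }
    if [ "$mode" = "$2" ]; then
        echo "ok   $1 mode $mode"
    else
        echo "FAIL $1 mode $mode, expected $2"
        return 1
    fi
}

audit_ssh_setup() {  # usage: audit_ssh_setup SSHD_CONFIG SSH_DIR
    local rc=0
    check_mode "$2" 700 || rc=1
    check_mode "$2/authorized_keys" 600 || rc=1
    check_kw "$1" PubkeyAuthentication yes yes || rc=1
    check_kw "$1" PasswordAuthentication no yes || rc=1
    check_kw "$1" PermitRootLogin no prohibit-password || rc=1
    return "$rc"
}

# Example: bash audit.sh /etc/ssh/sshd_config "$HOME/.ssh"
if [ "$#" -eq 2 ]; then audit_ssh_setup "$1" "$2"; fi
```

Because the first occurrence of a keyword wins, a PasswordAuthentication yes earlier in the file silently overrides the line you add at the end. sudo sshd -t checks the file's syntax before a restart, and sudo sshd -T prints the configuration sshd itself resolves.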