Hello friends, in our security conscious world even passwords are not secure. Let's face it, if someone finds your password they can impersonate you and log into multiple systems using your credentials.
Another way to secure your remote server is to not use passwords at all but rely on public keys which you generate on your local machine. This method of authentication far more secure than sending your credentials over the internet.
Private and public keys.... those sound complicated. Okay here is a quick rub on what those are. A private key is a unique to a machine and cannot be duplicated. It contains information about a machine and can be used to authenticate public keys from a foreign host. It is important to guard the private key like your life depends on it and it should never be shared with anyone!
The public key is unique to a machine but it needs a private key to validate it's legitimacy. A public key can be shared with anyone or any machine. To create a public you will need to use the private key.
Let's get started:
- Open your favorite terminal client and go to your .ssh directory (
cd ~/.ssh) and check to see if you already have any private keys.
As you can see I already have some a private (id_rsa) and public key (id_rsa.pub). If you don't have these it's okay since we'll be overwriting these or creating new ones.
2. We'll use the current private key and create a new public key using RSA protocol 2 and with a bit size of 4096.
ssh-keygen -t rsa -b 4096
You can enter a file name to save your public key in, I will just use the default - id_rsa.pub. Highly advisable to enter a password for the public key, but it's not necessary.
Generating public/private rsa key pair. Enter file in which to save the key (/home/mobaxterm/.ssh/id_rsa): Enter passphrase (empty for no passphrase): Enter same passphrase again:
3. Now we'll import the public key to the remote machine or server. You can do this two different ways. One way involves using the ssh-copy-id command and the other is to copy it over into the machine via scp, sftp, or ftp. I went with the latter option and used scp. Make sure your public key is located in ~/.ssh of your remote server.
scp id_rsa.pub phil@remoteserver:/home/phil/.ssh
4. Now to enable the public key usage on the remote machine we have to edit the sshd_config. Find PasswordAuthentication and make sure it's uncommented and set to no.
5. Restart sshd so the ssh config changes takes effect.
systemctl restart sshd
6. Ssh into your remote machine from your local computer using the private key you created. If everything worked correctly the remote server will use the public key you provided and check if the finger-print of the private key is legit.
ssh -i ~/.ssh/id_rsa scleft@remoteserver
The only downside to using public keys is that you cannot ssh from another machine since its public key isn't added on the remote server.