How To Setup SSH Public Key Authentication On Linux
Why using SSH Public Key Authentication On Linux? Public Key Authentication is much more secure than SSH password authentication.
In case if your server allows password authentication, remote attackers will try guess your SSH password with brute-force attacks.
Login into remote server and create .ssh folder for keeping authorized_keys
$ cd $ mkdir .ssh $ chmod 0700 .ssh
Generate SSH key pair
On the client computer generate key pair with command:
$ ssh-keygen -t rsa -C "Comment"
You can type file name or just hit enter button. Also hit twice enter button for empty passphrase:
Now you have generated key pair in .ssh folder.
id_rsa Private Key (DO NOT SHARE)
id_rsa.pub Public Key
Install generated public key onto remote server
$ ssh-copy-id -i $HOME/.ssh/id_rsa.pub username@YourRemoteServer
Sample output:
Source of key(s) to be installed: "****/id_rsa.pub" attempting to log in with the new key(s), to filter out any that are already installed 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys [email protected]'s password: Number of key(s) added: 1 Now try logging into the machine, with: "ssh 'username@YourRemoteServer'" and check to make sure that only the key(s) you wanted were added.
Now try logging into the machine
ssh 'username@username@YourRemoteServer
Disable ssh password login on Linux
Edit SSH server configuration file sshd_config:
vi /etc/ssh/sshd_config
Find in config file and edit next parameters:
ChallengeResponseAuthentication no PasswordAuthentication no UsePAM no PermitRootLogin no
Save and restart SSH server:
# /etc/init.d/ssh restart
OR
# systemctl restart ssh
Now test to to login with next command:
$ ssh [email protected] -o PubkeyAuthentication=no
Sample output:
Permission denied (publickey).
