5 simple steps for key based authentication SSH

SSH Key Based Authentication

Before starting with the main article "Key based authentication ssh" let’s understand first what is SSH? and why we need to make authentication key based?

Secure Socket Shell [SSH]

SSH means Secure Socket Shell which is basically used for secure login way to access a remote computer or server. It is a best secure protocol which is used worldwide for login purpose.

You can use SSH in two Way

  • With Password Login Access
  • Without Password Login Access

Everyone have an idea about “with password login” access which is the primary way to login on the remote server.

In this article, we are going to understand the second way which is far secure and feasible than “With password login”.
The second way is Without Password Login. In without password login or password-less login has one more name ie called “Key Based Authentication SSH”.

Advantages of Key based authentication ssh Login

  • More secure option than any other login techniques.
  • No need to remember or save the password or maintain password sheet.
  • Use for automated login in shell scripts
  • Stronger identity checks through private keys
  • Secure server with unauthorized access

After understanding the benefits and advantages of Key based authentication ssh.

Let’s start with the implementation process of Key based authentication ssh login.

Step 1: Create SSH Key

In the first step, you need to make ssh key of your local system. This key is the private key which will be using for remote server access. If you are using Linux system then there is a simple way to create ssh key. You just need to use “ssh-keygen” command to generate ssh key.
Follow the instructions provides in bold letter.

root@ip:~# ssh-keygen
Generating public/private rsa key pair.
Enter file in which to save the key (/root/.ssh/id_rsa): [Press Enter]
Enter passphrase (empty for no passphrase): [Provide Passphrase or password to secure key or just enter for empty password]
Enter same passphrase again: [Press Enter]
Your identification has been saved in /root/.ssh/id_rsa.
Your public key has been saved in /root/.ssh/id_rsa.pub.
The key fingerprint is:
76:d9:40:4c:87:83:9a:ef:ad:1e:43:ed:64:3f:80:0a root@ip-172-31-17-90
The key's randomart image is:
+---[RSA 2048]----+
| +o.. |
| ..+. |
| o .. |
| o o + |
| E .S B . |
| . +.= o |
| ..o.. o |
| .o. . |
| .o. |
+----------------------+

Step 2: Check SSH Key

After creating a key, go to the “~/.ssh” Directory. Under the .ssh directory, you will found two files “id_rsa” and “id_rsa.pub”. Open id_rsa.pub key with cat command & Copy this key.

root@ip:~# cd ~/.ssh/
root@ip:~# ls -l
-rw------- 1 root root 1675 Sep 12 15:51 id_rsa
-rw-r--r-- 1 root root 402 Sep 12 15:51 id_rsa.pub

root@ip:~# cat id_rsa.pub

ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDSPuF/yu4drrrNmPE0h1enmNVeTphqBJr4odjtT/+cBn8MSE/K+d3L+1a/3D3U8uBDzG5MYQJW9mY4zscP069gGD8hjQrbBwpDFdUzO43NiUaBubMI5SCotJZkiG61pc0zv8c4y+4EbSwWUMpBomhOWHuNMyZq0dXkZZ2FgykVGoPYNX8ObPYSwbPipEPCttpVc0uJ6cyUjPj43UHiMSA+sJNWFtC1k1jW0K3jddOfzWI1og7wwU+FaODXUEKhWvuRWThCWefZUASfoBuUmWjlDMtawK1sr3Lf7M5Jo3GdWYp149Gcf4iv4pbQMg8ki/bQrJS5 yourname

Step 3: Login to Remote Server

Now login to remote server and open file “sshd_config” which resides under “/etc/ssh/”. Change the line PasswordAuthentication from ‘no’ to ‘yes’.

vim /etc/ssh/sshd_config
PasswordAuthentication yes

Save and close the file.

Step 4: Add Key

Now go to the .ssh directory and open file “authorized_keys”. If authorized_keys file is not available under the .ssh directory then create file authorized_keys. Paste the ssh key in the authorized_keys file.

vim ~/.ssh/authorized_keys

ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDSPuF/yu4drrrNmPE0h1enmNVeTphqBJr4odjtT/+cBn8MSE/K+d3L+1a/3D3U8uBDzG5MYQJW9mY4zscP069gGD8hjQrbBwpDFdUzO43NiUaBubMI5SCotJZkiG61pc0zv8c4y+4EbSwWUMpBomhOWHuNMyZq0dXkZZ2FgykVGoPYNX8ObPYSwbPipEPCttpVc0uJ6cyUjPj43UHiMSA+sJNWFtC1k1jW0K3jddOfzWI1og7wwU+FaODXUEKhWvuRWThCWefZUASfoBuUmWjlDMtawK1sr3Lf7M5Jo3GdWYp149Gcf4iv4pbQMg8ki/bQrJS5 yourname

Save and close the file.

If you are created authorized_keys file then give below provided permissions.

chmod  600  ~/.ssh/authorized_keys

After all above necessary changes restart the ssh service to reflect the changes.

/etc/init.d/ssh restart

Step 5: Test Key based access

Come back to your local system and take access to the remote server. The first time it will ask to make fingerprint connection so just enter ‘yes’ and you are successfully logged in on a remote server without a password.

ssh root@remote-server-ip
Authenticating with public key "rsa-key"

The programs included with the Debian GNU/Linux system are free software;
the exact distribution terms for each program are described in the
individual files in /usr/share/doc/*/copyright.

Debian GNU/Linux comes with ABSOLUTELY NO WARRANTY, to the extent
permitted by applicable law.
You have new mail.
Last login: Mon Sep 12 15:24:26 2016 from 1.xxx.37.93
root@ip-remote:~#

I hope you like the article if you find any difficulties in key based authentication setup then please do comment your queries or problem via the comment section, till then stay tuned to techthings.org for more such valuable articles.

Latest Comments
  1. Mirian Shade December 30, 2016
    • Prashant Thorat January 26, 2017

Leave a Reply

Your email address will not be published. Required fields are marked *