EDU BLOG

Feb 24, 2025

Server login with ssh key

SSH (Secure Shell) is a protocol used to securely connect to remote servers. One of the most common and secure ways to authenticate to a server is through the use of SSH key-based authentication, which eliminates the need for passwords and ensures a higher level of security. In this article, we will walk you through the steps of setting up SSH key-based authentication for server login.

Prerequisites:

  • A local machine (client) with SSH installed.
  • Access to the remote server (host) with root or sudo privileges.
  • Basic knowledge of using the terminal.

Steps to Set Up SSH Key-Based Authentication:

1. Generate SSH Key Pair on Local Machine

The first step is to create an SSH key pair (public and private keys) on your local machine.

  1. Open a terminal on your local machine.

  2. Use the ssh-keygen command to generate a new SSH key pair:

    1
    ssh-keygen -t rsa -b 4096 -C "[email protected]"
    • The -t rsa option specifies the key type (RSA in this case).
    • The -b 4096 option specifies the length of the key (4096 bits for better security).
    • The -C "[email protected]" option is an optional comment that will be added to the key.
  3. You’ll be prompted to choose a location to save the key. Press Enter to use the default location (~/.ssh/id_rsa).

  4. If you want to add an extra layer of security, you can set a passphrase when prompted. You can also leave it empty for no passphrase.

Once the process is complete, your private and public keys will be saved as:

  • Private key: ~/.ssh/id_rsa
  • Public key: ~/.ssh/id_rsa.pub

2. Copy the Public Key to the Remote Server

To allow SSH login without a password, you need to copy the public key to the server’s ~/.ssh/authorized_keys file.

There are a few ways to do this, but one of the easiest and most secure methods is to use the ssh-copy-id command.

  1. Use the following command to copy the public key to the remote server:

    1
    ssh-copy-id username@remote_server_ip
    • Replace username with your remote server’s username (e.g., root or ubuntu).
    • Replace remote_server_ip with the IP address or domain name of your remote server.
  2. You’ll be prompted to enter the password for the remote server. Once authenticated, the public key will be copied to the ~/.ssh/authorized_keys file on the remote server.

Alternatively, you can manually copy the contents of your public key (~/.ssh/id_rsa.pub) and append it to the ~/.ssh/authorized_keys file on the remote server. To do this:

  1. Use cat ~/.ssh/id_rsa.pub to display the public key.
  2. Log in to the server using ssh username@remote_server_ip.
  3. Append the contents of your public key to the ~/.ssh/authorized_keys file:
    1
    echo "your-public-key-content" >> ~/.ssh/authorized_keys
    Ensure the correct permissions are set on the authorized_keys file:
    1
    chmod 600 ~/.ssh/authorized_keys

3. Configure the SSH Daemon (if needed)

In most cases, the default SSH configuration will allow key-based authentication. However, you should verify that this is the case.

  1. Open the SSH configuration file on the remote server:

    1
    sudo vi /etc/ssh/sshd_config
  2. Ensure that the following lines are present and not commented out:

    1
    2
    PubkeyAuthentication yes
    AuthorizedKeysFile .ssh/authorized_keys
  3. If you made any changes, save the file and restart the SSH service:

    1
    sudo systemctl restart ssh

4. Test SSH Key-Based Login

Now that everything is set up, you can test logging in to the remote server using SSH without a password:

  1. Run the following command from your local machine:
    1
    ssh username@remote_server_ip
  2. If the setup is correct, you should be able to log in without entering a password. If you configured a passphrase for your SSH key, you will be prompted to enter it.

5. Disable Password Authentication (Optional)

For added security, you can disable password authentication entirely, forcing the use of SSH keys for login.

  1. Open the SSH configuration file on the remote server:

    1
    sudo vi /etc/ssh/sshd_config
  2. Find and modify the following line to disable password authentication:

    1
    PasswordAuthentication no
  3. Save the file and restart the SSH service:

    1
    sudo systemctl restart ssh

By disabling password authentication, only users with valid SSH keys can log in, which greatly enhances the security of your server.


Conclusion

SSH key-based authentication is a powerful and secure method for logging into remote servers without the need for passwords. By following these simple steps, you can ensure that your server is more secure and less susceptible to brute-force password attacks. Remember to back up your private key securely, as it is the only way to authenticate to your server.


Other

Cheap VPS Recommendations Page:

OLDER > < NEWER