How to Set Up SSH Key Authentication on a Linux Server
  • authentication
  • linux
  • server
  • ssh

Michael Chukwuemeka, Wed, 04 Dec 2024 08:06:48 GMT

Enhance the security of your Linux server by switching from password-based authentication to SSH key-based authentication. This guide will walk you through generating SSH keys, configuring your server, and improving overall security.

Why Use SSH Key Authentication?

SSH key authentication is more secure than traditional password-based authentication. Instead of relying on a password that can be guessed or brute-forced, SSH keys rely on public-key cryptography: the server stores only your public key, and you log in by proving that you hold the matching private key. This makes unauthorized access significantly harder.

Follow these steps to set up SSH key authentication:


1. Generate an SSH Key Pair on Your Local Machine

If you don’t already have an SSH key pair (private and public keys), you’ll need to generate one.

Command to Generate SSH Keys

Open your terminal and run:

ssh-keygen -t rsa -b 4096 -C "your_email@example.com"  

Here’s a breakdown of the options:

  • -t rsa: Specifies the RSA algorithm for key creation.
  • -b 4096: Sets the key length to 4096 bits; a longer RSA key is harder to break.
  • -C "your_email@example.com": Adds a comment (typically your email) to the key for identification.

When prompted:

  • Press Enter to save the key in the default location (~/.ssh/id_rsa).
  • Optionally, add a passphrase for extra security.

2. Copy Your Public Key to the Remote Server

Once the key pair is generated, you need to transfer the public key to your server. There are two methods to do this:


Method 1: Using ssh-copy-id (Recommended)

The ssh-copy-id command simplifies the process by automatically appending your public key to the server’s ~/.ssh/authorized_keys file.

Command:

ssh-copy-id username@server_ip  

Replace:

  • username with your server’s username.
  • server_ip with the IP address or hostname of your server.

What If You Use a Custom SSH Key Name?

If your SSH key is not stored in the default location (~/.ssh/id_rsa), you’ll need to specify the path to your public key using the -i option.

For example:

ssh-copy-id -i /path/to/your_custom_key.pub username@server_ip  

Step-by-Step:

  1. Replace /path/to/your_custom_key.pub with the full path to your public key file.
  2. Enter your password when prompted.

After successfully running the command, your public key will be securely copied to the server. This allows you to authenticate without a password the next time you log in.

Method 2: Manual Copying

If ssh-copy-id isn’t available, you can manually copy the key:

  1. Display the public key on your local machine:
    cat ~/.ssh/id_rsa.pub  
    
  2. Copy the output.
  3. Log into the server:
    ssh username@server_ip  
    
  4. Create a .ssh directory if it doesn’t exist:
    mkdir -p ~/.ssh  
    chmod 700 ~/.ssh  
    
  5. Open the authorized_keys file for editing:
    nano ~/.ssh/authorized_keys  
    
  6. Paste your public key into the file, save, and exit.
  7. Set the correct permissions:
    chmod 600 ~/.ssh/authorized_keys  
    

3. Test SSH Key Authentication

Now, test the setup by logging into the server:

ssh username@server_ip  

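If everything is configured correctly, you’ll log in without being prompted for the account password. The server will use the SSH key to authenticate you. If you protected the key with a passphrase, you’ll be asked for that passphrase instead; it unlocks the private key on your local machine and is never sent to the server.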


4. Disable Password Authentication (Optional but Recommended)

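For maximum security, disable password-based logins once SSH key authentication is working. Keep your current session open while you make this change and confirm key login from a second terminal, so you can revert the edit if something is wrong.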

  1. Open the SSH configuration file on the server:
    sudo nano /etc/ssh/sshd_config  
    
  2. Locate and update the following lines:
    PasswordAuthentication no  
    ChallengeResponseAuthentication no  
    
  3. Save the file and restart the SSH service:
    sudo systemctl restart sshd  
    

From now on, the server will only accept SSH key authentication.
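
A way to confirm the step 4 edit actually took effect, as an added example that is not part of the original post: sshd keeps the first value it reads for each keyword, so a file pulled in by an Include line above your edit can leave passwords enabled. The function names, the SSHD_DIR variable and the sample files are assumptions made for this example; it reads only the global section and stops at the first Match block.

```sh
# Added example, not from the original post. Sample files are constructed.

# effective_option KEYWORD FILE
# Print "value<TAB>file" for the first global setting of KEYWORD, following
# Include lines in order, because sshd keeps the first value it obtains.
effective_option() (
  want=$(printf '%s' "$1" | tr '[:upper:]' '[:lower:]')
  file=$2
  while IFS= read -r line || [ -n "$line" ]; do
    set -f; set -- ${line%%#*}; set +f        # drop comments, split into words
    [ $# -gt 0 ] || continue
    key=$(printf '%s' "$1" | tr '[:upper:]' '[:lower:]'); shift
    case $key in
      match) break ;;                          # conditional block, not a global setting
      include)
        for pat in "$@"; do                    # relative patterns live under /etc/ssh
          case $pat in /*) ;; *) pat=${SSHD_DIR:-/etc/ssh}/$pat ;; esac
          for inc in $pat; do                  # glob expands in sorted order
            [ -f "$inc" ] || continue
            effective_option "$want" "$inc" && exit 0
          done
        done ;;
      "$want") printf '%s\t%s\n' "$*" "$file"; exit 0 ;;
    esac
  done <"$file"
  exit 1                                       # keyword never set globally
)

# password_logins_off FILE: true only when PasswordAuthentication resolves to
# "no". An unset keyword fails as well, since sshd's default is "yes".
password_logins_off() {
  [ "$(effective_option PasswordAuthentication "$1" | cut -f1)" = no ]
}

# write_sample DIR: constructed layout in which a drop-in file re-enables
# passwords ahead of the "PasswordAuthentication no" edit in the main file.
write_sample() {
  mkdir -p "$1/sshd_config.d"
  printf 'PasswordAuthentication yes\n' >"$1/sshd_config.d/50-example.conf"
  printf 'Include sshd_config.d/*.conf\nPasswordAuthentication no\n' >"$1/sshd_config"
}

SSHD_DIR=$(mktemp -d) && write_sample "$SSHD_DIR"
effective_option PasswordAuthentication "$SSHD_DIR/sshd_config"   # value is "yes", from the drop-in
```

On a real server, leave SSHD_DIR unset and run password_logins_off /etc/ssh/sshd_config. Running sudo sshd -T prints the configuration sshd itself resolves and is the authoritative check.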


Additional Security Tips

  • Back Up Your Private Key: Store a copy of your private key in a secure location. Losing it could lock you out of the server.
  • Use a Passphrase: Protect your private key with a passphrase to add another layer of security.

Conclusion

By following this guide, you’ve successfully configured SSH key authentication on your Linux server, reducing the risk of unauthorized access and enhancing security. This setup ensures that only devices with the correct private key can log into the server, making it far more secure than traditional password-based authentication.

Start securing your server today!