Securing SSH of a server in a network is the primary task of every system admin. In the previous article I wrote about how to block root user login via ssh. This tutorials helps you to setup ssh public key based authentication.
ssh-keygen can create RSA keys for use by SSH protocol version 1 and DSA, ECDSA or RSA keys for use by SSH protocol version 2. The type of key to be generated is specified with the -t option. If invoked with‐out any arguments, ssh-keygen will generate an RSA key for use in SSH protocol 2 connections
Generating public/private rsa key pair.
Enter file in which to save the key (/root/.ssh/id_rsa): /root/.ssh/user1
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /root/.ssh/user1.
Your public key has been saved in /root/.ssh/user1.pub.
The key fingerprint is:
The key’s randomart image is:
+–[ RSA 2048]—-+
| o E |
| o + o |
| o S o |
| o o = + |
| * o + o = |
| . = . o =. |
| . o +o |
Now copy the public key file to remote machine using ssh-copy-id command
Public Key : /root/.ssh/user1.pub
Private Key : /root/.ssh/user1
root@linuxinternetworks:~# ssh-copy-id -i /root/.ssh/user1.pub email@example.com
Now try logging into the machine, with “ssh ‘firstname.lastname@example.org'”, and check in:
to make sure we haven’t added extra keys that you weren’t expecting.
Use the private to login into the remote machine, this time it wont ask the password
email@example.com:~# ssh -i /root/.ssh/user1 firstname.lastname@example.org
Last login: Sun Jun 30 09:46:58 2013 from 220.127.116.11
[user1@server2 ~]$ exit
If you want, you can keep both password and key based authentication or else you can disable password authentication. Check here about How to disable password authentication.