Setting Up Public-Key Authentication for SSH: A Step-by-Step Guide

Public-Key Authentication is a secure way to log into a remote machine without using passwords. Instead of inputting a password for each authentication, you utilize a pair of cryptographic keys: a public key, which resides on the remote machine, and a private key, which stays on your local device. This blog post will guide you through the straightforward process of setting up Public-Key Authentication for SSH on your Linux system.

Why Use Public-Key Authentication?

  • Enhanced Security: Passwords can be guessed or intercepted; a private key never leaves your machine, which makes public-key authentication significantly more secure.
  • Convenience: Once set up, logging into your remote machines becomes faster and requires less effort.

Step-by-Step Instructions

Step 1: Generate Your Keys

To start, you need to create your private-public key pair. Open your terminal and run the following command:

ssh-keygen

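This command will guide you through the key generation process, including the choice of a passphrase that protects the private key. With an RSA key, the type this guide assumes, it will create two files in ~/.ssh (recent OpenSSH releases generate Ed25519 keys by default and name the files id_ed25519 and id_ed25519.pub; substitute those names in the commands that follow):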

  • id_rsa: Your private key (keep this secure!)
  • id_rsa.pub: Your public key (this is the one you will share)

Step 2: Copy the Public Key to the Remote Machine

Next, it’s time to transfer your public key to the remote machine. This requires access to the remote server where you want to log in. You will need to append the contents of your id_rsa.pub file to the ~/.ssh/authorized_keys file on the remote server. You can do this efficiently with the following command (after logging into the remote machine):

echo "your-public-key" >> ~/.ssh/authorized_keys

Note: Make sure to replace “your-public-key” with the actual content from your id_rsa.pub file.

Step 3: Set Permissions for Security

To ensure that your private keys are stored securely, you need to set the correct permissions. Locally, run:

chmod 600 ~/.ssh/id_rsa*

And on the remote machine, set the permissions for the authorized keys file as follows:

chmod 600 ~/.ssh/authorized_keys

These commands restrict access to your keys, so they can’t be read by other users.
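
Steps 2 and 3 combined into one function, as an added example that is not part of the original guide: install_pubkey is a hypothetical helper name, and it is meant to be run on the remote machine. It skips a key that is already present, refuses a private-key file passed by mistake, and copes with an authorized_keys file whose last line has no trailing newline.

```shell
#!/bin/sh
# Added example (hypothetical helper, not from the guide): an idempotent
# replacement for  echo "your-public-key" >> ~/.ssh/authorized_keys
# Usage: install_pubkey /path/to/id_rsa.pub [ssh_dir]   (ssh_dir defaults to ~/.ssh)
install_pubkey() {
    pub_file=$1
    ssh_dir=${2:-$HOME/.ssh}
    auth_file=$ssh_dir/authorized_keys

    [ -r "$pub_file" ] || { echo "cannot read $pub_file" >&2; return 1; }

    # A .pub file holds one line: "<type> <base64 blob> [comment]".
    key_line=$(head -n 1 "$pub_file")
    case $key_line in
        *PRIVATE\ KEY*)
            echo "refusing: $pub_file is a private key" >&2; return 1 ;;
        ssh-rsa\ AAAA*|ssh-ed25519\ AAAA*|ecdsa-sha2-*\ AAAA*|sk-*\ AAAA*) ;;
        *)
            echo "refusing: not an OpenSSH public key line" >&2; return 1 ;;
    esac

    # sshd's default StrictModes setting ignores authorized_keys when it or
    # ~/.ssh is writable by other users, so create both as owner-only.
    ( umask 077 && mkdir -p "$ssh_dir" && touch "$auth_file" ) || return 1
    chmod 700 "$ssh_dir" && chmod 600 "$auth_file" || return 1

    # Already installed: do nothing, so repeated runs add no duplicates.
    if grep -qxF -- "$key_line" "$auth_file"; then return 0; fi

    # Without a final newline, a plain >> would glue two keys onto one line
    # and break both entries.
    if [ -s "$auth_file" ] && [ -n "$(tail -c 1 "$auth_file")" ]; then
        printf '\n' >> "$auth_file"
    fi
    printf '%s\n' "$key_line" >> "$auth_file"
}
```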

Step 4: Testing Your Setup

Now you are ready to test your setup! Use the SSH command to connect to the remote machine:

ssh username@remote.machine

If everything is configured correctly, ssh will prompt you for the passphrase for your private key instead of asking for the remote user’s password.

Step 5: Using SSH-Agent for Convenience

Typing your key’s passphrase every time you connect can become tedious. To simplify your process, you can use ssh-agent, which holds your decrypted keys in memory. Here’s how to set it up:

  1. Launch ssh-agent using the command:

    eval "$(ssh-agent)"

    Check if it’s already running by executing the following; a non-empty socket path means an agent is available in this shell:

    echo "$SSH_AUTH_SOCK"

  2. Add your private key to the agent with:

    ssh-add ~/.ssh/id_rsa
    

    After entering your passphrase once, you won’t have to enter it again until you remove it from the agent.

  3. If you need to clear your keys from the agent, simply run:

    ssh-add -D
    

Conclusion

Setting up Public-Key Authentication for SSH is a powerful way to enhance both your security and efficiency when accessing remote systems. By following these steps, you create a secure, password-less environment that can save you time and reduce the risks associated with traditional password authentication.

Now you can confidently log into your remote machines securely and easily! Feel free to refer back to this guide as you set up Public-Key Authentication on your systems.