Ashish-Chorge

Posted on Jan 23

Step-by-step guide to configure SSH key-based authorization

#linux

1. Generate SSH Key Pair

ssh-keygen -t rsa -b 4096

-t rsa: Specifies the RSA algorithm.

-b 4096: Key size (4096 bits).

Enter file to save the key: Press Enter to save it in the default location (~/.ssh/id_rsa), or specify a custom location.

Enter passphrase: (Optional) Add a passphrase for extra security, or press Enter for no passphrase.

This will create two files:

Private key: ~/.ssh/id_rsa (keep this secure and private).

Public key: ~/.ssh/id_rsa.pub (used for authorization).

2. Copy Public Key to the Server

ssh-copy-id username@server_ip

Replace username with your server’s username.

Replace server_ip with your server’s IP address.

cat ~/.ssh/id_rsa.pub

Copy the output.

On the server:

ssh username@server_ip

Append the public key to the ~/.ssh/authorized_keys file:

echo "paste_public_key_here" >> ~/.ssh/authorized_keys

Ensure the file permissions are correct:

chmod 600 ~/.ssh/authorized_keys
chmod 700 ~/.ssh

3. Test SSH Key Authentication

ssh username@server_ip

If configured correctly, it will log in without asking for a password.

4. Disable Password Authentication (Optional but Recommended)

sudo nano /etc/ssh/sshd_config

PasswordAuthentication no
PubkeyAuthentication yes

sudo systemctl restart sshd

5. Secure Your Keys

chmod 600 ~/.ssh/id_rsa

Troubleshooting Tips:

If key-based login doesn’t work, check the permissions of the following:

~/.ssh directory: chmod 700 ~/.ssh

~/.ssh/authorized_keys file: chmod 600 ~/.ssh/authorized_keys

Verify the SSH service status on the server:

sudo systemctl status sshd

Enable verbose mode during login for more details:

ssh -v username@server_ip

DEV Community