DEV Community

Ashish-Chorge

Step-by-step guide to configure SSH key-based authorization

1. Generate SSH Key Pair

  1. Log in to the node1 machine.

  2. Open the terminal and run:

ssh-keygen -t rsa -b 4096

-t rsa: Specifies the RSA algorithm.

-b 4096: Key size (4096 bits).

  3. You will be prompted:

Enter file to save the key: Press Enter to save it in the default location (~/.ssh/id_rsa), or specify a custom location.

Enter passphrase: (Optional) Add a passphrase for extra security, or press Enter for no passphrase.

This will create two files:

Private key: ~/.ssh/id_rsa (keep this secure and private).

Public key: ~/.ssh/id_rsa.pub (used for authorization).

2. Copy Public Key to the Server

  1. Use ssh-copy-id to copy the public key to the server:
ssh-copy-id username@server_ip

Replace username with your server’s username.

Replace server_ip with your server’s IP address.

  2. If ssh-copy-id is unavailable, manually copy the public key:
cat ~/.ssh/id_rsa.pub

Copy the output.

On the server:

Log in using a password:

ssh username@server_ip

Append the public key to the ~/.ssh/authorized_keys file, creating the ~/.ssh directory first if it does not exist:

mkdir -p ~/.ssh
echo "paste_public_key_here" >> ~/.ssh/authorized_keys

Ensure the file permissions are correct:

chmod 600 ~/.ssh/authorized_keys
chmod 700 ~/.ssh

3. Test SSH Key Authentication

  1. From the client machine, test the connection:
ssh username@server_ip

If configured correctly, it will log in without asking for the account password (a key passphrase, if you set one, is still requested).

4. Disable Password Authentication (Optional but Recommended)

  1. Edit the SSH configuration file on the server:
sudo nano /etc/ssh/sshd_config
  2. Look for and set the following options:
PasswordAuthentication no
PubkeyAuthentication yes
  3. Restart the SSH service:

sudo systemctl restart sshd
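
To confirm that the settings from step 4 are what the server actually enforces, the following added example (not part of the original post) checks the effective configuration in the format printed by `sshd -T`. The function name and the sample inputs are constructed for illustration, and the keyboard-interactive check goes beyond the two options the post sets.

```sh
#!/bin/sh
# Added example, not from the original post: audit the step 4 settings.
# stdin: effective config in `sshd -T` format ("keyword value" per line,
# lowercase keywords). Returns 0 only if password logins are off and keys on.
audit_sshd_effective() {
    pw=unset; pk=unset; kbd=unset; rc=0
    while read -r key val || [ -n "$key" ]; do
        case "$key" in
            passwordauthentication) pw=$val ;;
            pubkeyauthentication)   pk=$val ;;
            # challengeresponseauthentication is the older name of this setting.
            kbdinteractiveauthentication|challengeresponseauthentication)
                [ "$kbd" = yes ] || kbd=$val ;;
        esac
    done
    if [ "$pw" = no ]; then echo "OK   passwordauthentication=no"
    else echo "FAIL passwordauthentication=$pw (want no)"; rc=1; fi
    if [ "$pk" = yes ]; then echo "OK   pubkeyauthentication=yes"
    else echo "FAIL pubkeyauthentication=$pk (want yes)"; rc=1; fi
    # Assumption beyond the post: keyboard-interactive can still prompt for
    # a password through PAM, so it must be off as well.
    if [ "$kbd" = no ]; then echo "OK   kbdinteractiveauthentication=no"
    else echo "FAIL kbdinteractiveauthentication=$kbd (want no)"; rc=1; fi
    return "$rc"
}

# Constructed samples in `sshd -T` format (not captured from a real server).
SAMPLE_HARDENED='port 22
passwordauthentication no
pubkeyauthentication yes
kbdinteractiveauthentication no'
# PasswordAuthentication is off, but keyboard-interactive was left on.
SAMPLE_PARTIAL='port 22
passwordauthentication no
pubkeyauthentication yes
kbdinteractiveauthentication yes'

printf '%s\n' "$SAMPLE_PARTIAL" | audit_sshd_effective || echo "=> not key-only yet"
```

On the server, run `sudo sshd -t && sudo sshd -T | audit_sshd_effective` before restarting the service, and keep the current session open until a new key-based login succeeds.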

5. Secure Your Keys

  1. Ensure proper permissions for the private key:
chmod 600 ~/.ssh/id_rsa
  2. Do not share the private key with anyone or store it insecurely.

Troubleshooting Tips:

If key-based login doesn’t work, check the permissions of the following:

~/.ssh directory: chmod 700 ~/.ssh

~/.ssh/authorized_keys file: chmod 600 ~/.ssh/authorized_keys

Verify the SSH service status on the server:

sudo systemctl status sshd

Enable verbose mode during login for more details:

ssh -v username@server_ip
