1. Generate SSH Key Pair
Log in to the node1 machine.
Open the terminal and run:
ssh-keygen -t rsa -b 4096
-t rsa: Specifies the RSA algorithm.
-b 4096: Key size (4096 bits).
- You will be prompted:
Enter file to save the key: Press Enter to save it in the default location (~/.ssh/id_rsa), or specify a custom location.
Enter passphrase: (Optional) Add a passphrase for extra security, or press Enter for no passphrase.
This will create two files:
Private key: ~/.ssh/id_rsa (keep this secure and private).
Public key: ~/.ssh/id_rsa.pub (used for authorization).
2. Copy Public Key to the Server
- Use ssh-copy-id to copy the public key to the server:
ssh-copy-id username@server_ip
Replace username with your server’s username.
Replace server_ip with your server’s IP address.
- If ssh-copy-id is unavailable, manually copy the public key:
cat ~/.ssh/id_rsa.pub
Copy the output.
On the server:
Log in using a password:
ssh username@server_ip
Append the public key to the ~/.ssh/authorized_keys file:
echo "paste_public_key_here" >> ~/.ssh/authorized_keys
Ensure the file permissions are correct:
chmod 600 ~/.ssh/authorized_keys
chmod 700 ~/.ssh
3. Test SSH Key Authentication
- From the client machine, test the connection:
ssh username@server_ip
If configured correctly, you will be logged in without being asked for the account password (if you set a passphrase on the key, you are asked for that instead).
4. Disable Password Authentication (Optional but Recommended)
- Edit the SSH configuration file on the server:
sudo nano /etc/ssh/sshd_config
- Look for and set the following options:
PasswordAuthentication no
PubkeyAuthentication yes
- Restart the SSH service:
sudo systemctl restart sshd
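A common reason the step 4 edit has no effect is that sshd keeps the first value it reads for each keyword, so an earlier line overrides one appended further down. The script below is an added example, not part of the original post: it reports the effective global values of the two options above. The function names and the sample config are constructed for illustration, and files pulled in with Include are not followed.

```shell
#!/bin/sh
# Added example: effective global value of an sshd_config keyword.
# sshd keeps the FIRST value it reads for a keyword; later duplicates are
# ignored. Match blocks are conditional, so parsing stops at the first one.

# effective_value FILE KEYWORD DEFAULT
effective_value() {
    awk -v want="$2" -v def="$3" '
        BEGIN { want = tolower(want); val = "" }
        /^[ \t]*(#|$)/ { next }              # comment or blank line
        {
            line = $0
            sub(/^[ \t]+/, "", line)
            n = split(line, f, /[ \t=]+/)    # "Key value" or "Key=value"
            key = tolower(f[1])
            if (key == "match") exit         # end of the global section
            if (key == want && val == "" && n >= 2) val = tolower(f[2])
        }
        END { print (val == "" ? def : val) }
    ' "$1"
}

# check_key_only FILE: status 0 only if both settings from step 4 are in effect.
# Defaults are the OpenSSH ones (both options default to yes).
check_key_only() {
    pw=$(effective_value "$1" PasswordAuthentication yes)
    pk=$(effective_value "$1" PubkeyAuthentication yes)
    echo "PasswordAuthentication=$pw PubkeyAuthentication=$pk"
    [ "$pw" = "no" ] && [ "$pk" = "yes" ]
}

# Constructed sample: "PasswordAuthentication no" was appended at the bottom,
# but the earlier "PasswordAuthentication yes" line still wins.
sample=$(mktemp)
cat > "$sample" <<'EOF'
# constructed sample sshd_config
Port 22
PasswordAuthentication yes
#PubkeyAuthentication no
PubkeyAuthentication yes
PasswordAuthentication no
Match User backup
    PasswordAuthentication yes
EOF
check_key_only "$sample" || echo "password logins are still enabled"
rm -f "$sample"
```

On a real server, `sudo sshd -T` prints the configuration sshd actually uses, including Include'd files. Keep your current session open until a new key-based login succeeds.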
5. Secure Your Keys
- Ensure proper permissions for the private key:
chmod 600 ~/.ssh/id_rsa
- Do not share the private key with anyone or store it insecurely.
Troubleshooting Tips:
If key-based login doesn’t work, check the permissions of the following:
~/.ssh directory: chmod 700 ~/.ssh
~/.ssh/authorized_keys file: chmod 600 ~/.ssh/authorized_keys
Verify the SSH service status on the server:
sudo systemctl status sshd
Enable verbose mode during login for more details:
ssh -v username@server_ip