DEV Community

Ashish-Chorge

Step-by-step guide to configure SSH key-based authorization

1. Generate SSH Key Pair

  1. Log in to the node1 machine.

  2. Open the terminal and run:

ssh-keygen -t rsa -b 4096

-t rsa: Specifies the RSA algorithm.

-b 4096: Key size (4096 bits).

  3. You will be prompted:

Enter file to save the key: Press Enter to save it in the default location (~/.ssh/id_rsa), or specify a custom location.

Enter passphrase: (Optional) Add a passphrase for extra security, or press Enter for no passphrase.

This will create two files:

Private key: ~/.ssh/id_rsa (keep this secure and private).

Public key: ~/.ssh/id_rsa.pub (used for authorization).

2. Copy Public Key to the Server

  1. Use ssh-copy-id to copy the public key to the server:
ssh-copy-id username@server_ip

Replace username with your server’s username.

Replace server_ip with your server’s IP address.

  2. If ssh-copy-id is unavailable, manually copy the public key:
cat ~/.ssh/id_rsa.pub

Copy the output.

On the server:

Log in using a password:

ssh username@server_ip

Append the public key to the ~/.ssh/authorized_keys file:

echo "paste_public_key_here" >> ~/.ssh/authorized_keys

Ensure the file permissions are correct:

chmod 600 ~/.ssh/authorized_keys
chmod 700 ~/.ssh

3. Test SSH Key Authentication

  1. From the client machine, test the connection:
ssh username@server_ip

If configured correctly, it will log in without asking for the account password (if you set a passphrase on the key, you will be asked for that passphrase instead).

4. Disable Password Authentication (Optional but Recommended)

  1. Edit the SSH configuration file on the server:
sudo nano /etc/ssh/sshd_config
  2. Look for and set the following options:
PasswordAuthentication no
PubkeyAuthentication yes
  3. Restart the SSH service:

sudo systemctl restart sshd
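
The check below is an added example, not part of the original post: sshd uses the first value it reads for each keyword, so a drop-in file pulled in by an Include line at the top of sshd_config can keep password logins enabled even after the PasswordAuthentication no edit above. The function names and sample file contents are constructed for illustration, and the caller is assumed to list the files in the order sshd reads them.

```shell
#!/bin/sh
# Added example; function names and sample files are constructed.

# effective_sshd_option KEYWORD DEFAULT FILE...
# Prints the global value sshd would use for KEYWORD, given config files in
# the order sshd reads them. sshd keeps the FIRST value it sees for a keyword,
# so an earlier "yes" beats a later "no". Keywords are case-insensitive.
effective_sshd_option() {
    keyword=$1 default=$2
    shift 2
    [ "$#" -ge 1 ] || return 2
    awk -v want="$keyword" -v def="$default" '
        BEGIN { want = tolower(want); value = def }
        FNR == 1 { in_match = 0 }      # simplification: a Match block ends with its file
        /^[ \t]*#/ || /^[ \t]*$/ { next }   # skip comments and blank lines
        {
            sub(/=/, " ")              # "Keyword=value" is accepted as well
            key = tolower($1)
            if (key == "match") { in_match = 1; next }   # conditional settings are not global
            if (!in_match && !found && key == want) { value = $2; found = 1 }
        }
        END { print value }
    ' "$@"
}

# password_login_disabled FILE...
# Succeeds only if the step 4 settings are really in effect: passwords off, keys on.
password_login_disabled() {
    [ "$(effective_sshd_option PasswordAuthentication yes "$@")" = "no" ] &&
        [ "$(effective_sshd_option PubkeyAuthentication yes "$@")" = "yes" ]
}

# write_sample_configs DIR: constructed files, not taken from a real server.
write_sample_configs() {
    printf '%s\n' 'PasswordAuthentication yes' > "$1/50-example.conf"
    printf '%s\n' '# edited as in step 4' 'passwordauthentication no' \
        'PubkeyAuthentication yes' 'Match User backup' \
        '    PasswordAuthentication yes' > "$1/sshd_config"
}

sample_dir=$(mktemp -d)
write_sample_configs "$sample_dir"
# Main file on its own: the edit looks correct.
password_login_disabled "$sample_dir/sshd_config" && echo "main file only: passwords disabled"
# Drop-in read first (Include at the top of the main file): passwords still accepted.
password_login_disabled "$sample_dir/50-example.conf" "$sample_dir/sshd_config" ||
    echo "with drop-in: passwords STILL enabled"
rm -rf "$sample_dir"
```

On a live server, `sudo sshd -t` validates the configuration before the restart and `sudo sshd -T` prints the effective settings; keep the current session open until a new key-based login succeeds.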

5. Secure Your Keys

  1. Ensure proper permissions for the private key:
chmod 600 ~/.ssh/id_rsa
  2. Do not share the private key with anyone or store it insecurely.

Troubleshooting Tips:

If key-based login doesn’t work, check the permissions of the following:

~/.ssh directory: chmod 700 ~/.ssh

~/.ssh/authorized_keys file: chmod 600 ~/.ssh/authorized_keys

Verify the SSH service status on the server:

sudo systemctl status sshd

Enable verbose mode during login for more details:

ssh -v username@server_ip