DEV Community

Ashish-Chorge
Ashish-Chorge

Posted on

Step-by-step guide to configure SSH key-based authorization

#linux

1. Generate SSH Key Pair

  1. Log in to the node1 machine .

  2. Open the terminal and run:

ssh-keygen -t rsa -b 4096
Enter fullscreen mode Exit fullscreen mode

-t rsa: Specifies the RSA algorithm.

-b 4096: Key size (4096 bits).

  1. You will be prompted:

Enter file to save the key: Press Enter to save it in the default location (~/.ssh/id_rsa), or specify a custom location.

Enter passphrase: (Optional) Add a passphrase for extra security, or press Enter for no passphrase.

This will create two files:

Private key: ~/.ssh/id_rsa (keep this secure and private).

Public key: ~/.ssh/id_rsa.pub (used for authorization).

2. Copy Public Key to the Server

  1. Use ssh-copy-id to copy the public key to the server: 
ssh-copy-id username@server_ip
Enter fullscreen mode Exit fullscreen mode

Replace username with your server’s username.

Replace server_ip with your server’s IP address.

  1. If ssh-copy-id is unavailable, manually copy the public key: 
cat ~/.ssh/id_rsa.pub
Enter fullscreen mode Exit fullscreen mode

Copy the output.

On the server:

Log in using a password:

ssh username@server_ip
Enter fullscreen mode Exit fullscreen mode

Append the public key to the ~/.ssh/authorized_keys file:

echo "paste_public_key_here" >> ~/.ssh/authorized_keys
Enter fullscreen mode Exit fullscreen mode

Ensure the file permissions are correct:

chmod 600 ~/.ssh/authorized_keys
chmod 700 ~/.ssh
Enter fullscreen mode Exit fullscreen mode

3. Test SSH Key Authentication

  1. From the client machine, test the connection: 
ssh username@server_ip
Enter fullscreen mode Exit fullscreen mode

If configured correctly, it will log in without asking for a password.

4. Disable Password Authentication (Optional but Recommended)

  1. Edit the SSH configuration file on the server: 
sudo nano /etc/ssh/sshd_config
Enter fullscreen mode Exit fullscreen mode
  1. Look for and set the following options: 
PasswordAuthentication no
PubkeyAuthentication yes
Enter fullscreen mode Exit fullscreen mode
  1. Restart the SSH service:

sudo systemctl restart sshd

5. Secure Your Keys

  1. Ensure proper permissions for the private key: 
chmod 600 ~/.ssh/id_rsa
Enter fullscreen mode Exit fullscreen mode
  1. Do not share the private key with anyone or store it insecurely.

Troubleshooting Tips:

If key-based login doesn’t work, check the permissions of the following:

~/.ssh directory: chmod 700 ~/.ssh

~/.ssh/authorized_keys file: chmod 600 ~/.ssh/authorized_keys
Enter fullscreen mode Exit fullscreen mode

Verify the SSH service status on the server:

sudo systemctl status sshd
Enter fullscreen mode Exit fullscreen mode

Enable verbose mode during login for more details:

ssh -v username@server_ip
Enter fullscreen mode Exit fullscreen mode
profile
AWS
 Promoted

AWS Security LIVE!

Tune in for AWS Security LIVE!

Join AWS Security LIVE! for expert insights and actionable tips to protect your organization and keep security teams prepared.

Learn More

Top comments (0)

profile
Neon
 Promoted

Billboard image

Create up to 10 Postgres Databases on Neon's free plan.

If you're starting a new project, Neon has got your databases covered. No credit cards. No trials. No getting in your way.

Try Neon for Free →

Read next

dubinko profile image

we are doing DevOps job market Q&A with folks from Google, AWS, Microsoft etc.

Dubinko -

ken_mwaura1 profile image

Nested Virtualization using VMware Workstation, Esxi and Windows 10 on Linux - Part 1

Zoo Codes -

nedtechie profile image

Master Linux File Types While Your Coffee Brews

Nedim Hadzimahmutovic -

arnu515 profile image

Easy development environments with Nix and Nix flakes!

arnu515 -