Strengthening Linux Security: A Step-by-Step Guide to SSH Public Key Authentication

Enhanced Security for Remote Access.

In the world of Linux system administration and cybersecurity, how you access your server is just as important as what you do on it. Secure Shell (SSH) is the industry standard for remote administration, but relying solely on user passwords can leave systems vulnerable to brute-force attacks.
Public Key Authentication is a more secure method that uses a pair of cryptographic keys (a public key and a private key) to validate identity. In this guide, I will walk you through the process of generating these keys, configuring the SSH daemon, and verifying the connection on a Linux environment.

Prerequisites

A Linux machine (I am using Kali Linux in this demonstration).
Basic familiarity with the terminal.
sudo privileges.

steps

1.Open your terminal.

and start the SSH daemon(sshd)
sudo service ssh start

check status if it is running
sudo service ssh status

2.Generate the Key Pair

We will use ssh-keygen to create our cryptographic keys. In my implementation, I am using the ED25519 algorithm, which is currently considered more secure and faster than the older RSA standard.

when promted:

File Location:

Press ENTER to accept the default location (/home/username/.ssh/id_ed25519).

Passphrase:

You will be asked for a passphrase(you can decide to enter kali). Crucial Security Step: While you can leave this empty, it is highly recommended to enter a strong passphrase.

1. Inspecting the Keys Navigate to the hidden SSH directory to verify your keys were created: Navigate to the directory and ls to see the files created.

4.Copying the Public Key to the Server

For the server to recognize you, your public key must be added to the server's authorized_keys file. Since I am simulating this locally, I will copy the key to my localhost.
ssh-copy-id -i ~/.ssh/id_ed25519.pub your-current-user@127.0.0.1

*Success Output:
* Number of key(s) added: 1

5.Verify the Configuration

To ensure the key was copied correctly, you can cat the authorized_keys file: using cat authorized_keys

6.The Final Test

Now, log out or open a new terminal and attempt to SSH into the machine again: using ssh localhost

At this point, enter the ""passphrase"" you entered above.

Conclusion

By disabling password logins and relying on SSH keys, you significantly reduce the attack surface of your Linux servers. This exercise is a fundamental skill for any aspiring SysAdmin or Cybersecurity professional.