Linux Tutorial: Key-based authentication with SSH
What Will I Learn?
- How to generate a public/private SSH key pair
- How to add a private SSH key to ssh-agent
- How to copy a public SSH key to a remote machine
- How to connect to a remote machine over SSH using key-based authentication
Requirements
- UNIX/Linux based OS
- OpenSSH suite
Difficulty
- Basic
Tutorial Contents
The OpenSSH suite is described by wikipedia.org as:
a suite of security-related network-level utilities based on the Secure Shell (SSH) protocol, which help to secure network communications via the encryption of network traffic over multiple authentication methods and by providing secure tunneling capabilities.
Utilities included with OpenSSH
ssh-keygen, ssh-agent, ssh, scp, sftp, sshd, ssh-keyscan
The ssh-keygen, ssh-agent and ssh utilities from the list above are used in this tutorial to demonstrate how to make a successful connection to a remote machine over SSH using key-based authentication.
Backing up existing SSH keys
Backing up existing SSH keys is highly recommended as a precaution, as they could be overwritten while generating new ones in the next step.
Any existing SSH keys can be listed with the following command:
$ ls ~/.ssh
ls: cannot access '.ssh': No such file or directory is displayed as output if there are no existing SSH keys on the machine. In this case, a backup is not necessary.
If a list of files is displayed instead, they should all be backed up.
First, change the working directory to ~/.ssh.
$ cd ~/.ssh
Next, create a directory to hold the copies of the SSH keys.
$ mkdir ~/.ssh/mybackup
Then copy each SSH key pair into the backup directory.
$ cp mykey* mybackup/
Note: A wildcard is applied to the key name so that the public and private keys are copied at the same time.
Generating SSH key pair
A new SSH key pair is generated with the ssh-keygen utility.
$ ssh-keygen -t rsa -b 4096
The -t rsa option means that the RSA public key algorithm is used for authentication, and -b 4096 defines the size of the key in bits.
First, the location for the SSH keys must be provided. The default location can be used for convenience.
A passphrase is a good security measure, and setting one is highly recommended, as it protects the private key from unauthorized access. It must be at least five characters long.
Adding private SSH key to ssh-agent
ssh-agent is designed to manage SSH keys. Passphrases for private keys managed by the agent are automatically remembered by its service.
The agent's process can be listed with the ps utility.
$ ps -e | grep '[s]sh-agent'
If no output is displayed, ssh-agent is not running. It can be started with:
$ eval "$(ssh-agent -s)"
An SSH key can be added to ssh-agent with the ssh-add utility.
$ ssh-add ~/.ssh/mykey
If a passphrase was set while generating the SSH keys, it must be provided for ssh-agent to save it.
All keys that are currently managed by ssh-agent can be listed with ssh-add -l.
Copying public SSH key to remote machine
For a successful connection over SSH with key-based authentication enabled, the public key from the local machine must be copied over to the remote machine.
$ ssh-copy-id -i ~/.ssh/mykey user@host
Entering the user password is required during the first login.
Once the public key is copied, the remote machine can be accessed using key-based authentication.
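What that copy amounts to on the remote account, as an added example that is not part of the original tutorial and is not ssh-copy-id's own code: the hypothetical install_pubkey function appends a public key to authorized_keys exactly once, sets the 700/600 permissions sshd expects, and refuses a file that looks like a private key. The key material and scratch paths are constructed for the demo.

```shell
#!/bin/sh
# install_pubkey PUBFILE HOME_DIR   (hypothetical helper, not an OpenSSH tool)
install_pubkey() {
    pubfile=$1
    home_dir=$2
    ssh_dir=$home_dir/.ssh
    auth=$ssh_dir/authorized_keys

    [ -r "$pubfile" ] || { echo "cannot read $pubfile" >&2; return 1; }

    # Refuse a private key: only the .pub half ever leaves the local machine.
    if grep -q 'PRIVATE KEY' "$pubfile"; then
        echo "$pubfile looks like a private key, refusing" >&2
        return 1
    fi

    # A public key is a single line: "<type> <base64> [comment]".
    key=$(head -n 1 "$pubfile")
    case $key in
        ssh-rsa\ *|ssh-ed25519\ *|ecdsa-sha2-*\ *) ;;
        *) echo "$pubfile is not an OpenSSH public key" >&2; return 1 ;;
    esac

    # With StrictModes (the sshd default), group- or world-writable
    # ~/.ssh or authorized_keys causes the key to be rejected.
    mkdir -p "$ssh_dir" && chmod 700 "$ssh_dir" || return 1
    touch "$auth" && chmod 600 "$auth" || return 1

    # Append only if this exact line is not already present (idempotent).
    grep -qxF -e "$key" "$auth" || printf '%s\n' "$key" >> "$auth"
}

# Demo on constructed input in a scratch directory; nothing under $HOME is touched.
demo=$(mktemp -d)
echo 'ssh-rsa AAAAB3NzaC1yc2EAAAADAQABconstructed user@host' > "$demo/mykey.pub"
install_pubkey "$demo/mykey.pub" "$demo/home" && ls -l "$demo/home/.ssh"
rm -rf "$demo"
```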
Connecting to remote machine
A connection to a remote machine can be made with the ssh utility.
$ ssh user@host
This time, providing the user password is no longer required.

Your contribution cannot be approved because it does not follow the Utopian Rules.
You can contact us on Discord.
[utopian-moderator]