Activating SSH Key Authentication and generating key pair

Active SSH key authentication

In a previous example, I listed two simple ways to enhance SSH server security in your Linux VPS.

The article did not go into enough detail on how to generate and use the SSH RSA key pair, but it mentioned that the user holds the private key and the server holds the public key.

This is the sequence of commands:

user@vps:~$ cd .ssh
user@vps:~/.ssh$ ls
authorized_keys known_hosts
user@vps:~/.ssh$ ssh-keygen -t rsa
Generating public/private rsa key pair.
Enter file in which to save the key (/root/.ssh/id_rsa):
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /root/.ssh/id_rsa.
Your public key has been saved in /root/.ssh/id_rsa.pub.
The key fingerprint is:
07:25:e5:87:79:80:75:9c:27:50:29:ef:aa:1c:e1:0c user@vps
The key's randomart image is:
+--[ RSA 2048]----+
| .+*+oo |
| .+.== . |
| . +ooo |
| . o. |
| E S .. |
| + o . |
| + . |
| . .. |
| o. |
+-----------------+
user@vps:~/.ssh$ ls -la
total 24
drwx------ 2 root root 4096 Nov 17 23:47 .
drwx------ 6 root root 4096 Nov 17 23:33 ..
-rw-r--r-- 1 root root 797 Nov 17 23:47 authorized_keys
-rw------- 1 root root 1766 Nov 17 23:47 id_rsa
-rw-r--r-- 1 root root 393 Nov 17 23:47 id_rsa.pub
-rw-r--r-- 1 root root 1108 Nov 17 23:41 known_hosts
user@vps:~/.ssh$ cat id_rsa.pub >>authorized_keys
user@vps:~/.ssh$ ssh 10.1.1.53 -p 10022 -i id_rsa
Enter passphrase for key 'id_rsa':
Linux debian 3.2.0-4-amd64 #1 SMP Debian 3.2.54-2 x86_64

The programs included with the Debian GNU/Linux system are free software;
the exact distribution terms for each program are described in the
individual files in /usr/share/doc/*/copyright.

Debian GNU/Linux comes with ABSOLUTELY NO WARRANTY, to the extent
permitted by applicable law.
Last login: Mon Nov 17 23:04:47 2014 from 10.1.1.54

I started off by changing directory to ~/.ssh. Then I used “ssh-keygen” to generate the ssh public and private key in my Linux VPS.

I also chose to protect my private key with a passphrase, so that if the key file gets compromised, only I will know the passphrase (unless I was the victim of a keylogger or other malware). To have an unprotected private key, just press Enter at the passphrase prompt, as instructed in the output.

Next, append the public key to the “~/.ssh/authorized_keys” file and test your work.

The ssh command relies on the SSH config changes from the previous article, and it uses the “-i” switch to tell the ssh client which private key to use. After entering the passphrase, I am logged in.

Now it’s up to you whether to keep this private key on the server or take it with you and delete it from the server.

Note: The PuTTY SSH client needs this key converted to a format it understands, using puttygen.exe. This is the subject of another article in the future.

Comments are welcome.

You can try these SSH activation steps on our platform in a few minutes using our PCS (Private Cloud Solution), which allows you to have VPSie(s) on a private network with NAT, port forwarding, traffic control for inbound and outbound, and multiple gateway IPs which you could use for load balancing and failover.

 

FAQ

SSH key authentication is a method of logging into a remote server using a cryptographic key pair instead of a password. The key pair consists of a private key that is kept on the client computer and a public key that is placed on the server.

To generate an SSH key pair on Debian, follow these steps:

  1. Open a terminal window on your local machine.
  2. Type the following command: ssh-keygen -t rsa
  3. You will be prompted to enter a filename for the key pair. Press Enter to accept the default location and filename.
  4. You will then be prompted to enter a passphrase for the key. This is optional, but highly recommended for added security.
  5. Your key pair will be generated and saved in the ~/.ssh directory on your local machine.

To activate SSH key authentication on your Debian server, follow these steps:

  1. Log in to your server as the root user.
  2. Open the SSH configuration file: nano /etc/ssh/sshd_config
  3. Find the line that says “#PubkeyAuthentication yes” and remove the “#” at the beginning of the line.
  4. Find the line that says “#AuthorizedKeysFile .ssh/authorized_keys” and remove the “#” at the beginning of the line.
  5. Save and close the file.
  6. Restart the SSH service: systemctl restart sshd.service

To add your public key to the authorized_keys file on the server, follow these steps:

  1. Copy your public key from your local machine: cat ~/.ssh/id_rsa.pub
  2. Log in to your server as the root user.
  3. Create the .ssh directory if it doesn’t exist: mkdir ~/.ssh
  4. Create the authorized_keys file: touch ~/.ssh/authorized_keys
  5. Open the authorized_keys file in a text editor: nano ~/.ssh/authorized_keys
  6. Paste your public key into the file and save it.
  7. Set the correct permissions on the file and directory: chmod 700 ~/.ssh && chmod 600 ~/.ssh/authorized_keys
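
The configuration and permission steps above can be checked with a short script. This is an added example, not part of the original article; it assumes GNU stat (as shipped on Debian), and the function names effective_sshd_option and check_ssh_perms and the sample files are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original article). Assumes GNU stat ("stat -c"),
# as shipped on Debian; function names and sample files are constructed.

# Print the value sshd would use for KEYWORD in the global section of FILE.
# sshd takes the first uncommented occurrence; keywords are case-insensitive.
# Include files and Match blocks are not evaluated here.
effective_sshd_option() {   # usage: effective_sshd_option FILE KEYWORD DEFAULT
    awk -v k="$2" -v d="$3" '
        tolower($1) == "match"    { exit }
        tolower($1) == tolower(k) { v = $2; exit }
        END { print (v == "" ? d : v) }' "$1"
}

# Print one finding per line for DIR (a user's .ssh directory); the exit
# status is the number of findings, so 0 means the permissions are fine.
check_ssh_perms() (
    dir=$1; bad=0
    # With StrictModes, sshd ignores authorized_keys if the file or its
    # directory is writable by group or others.
    for p in "$dir" "$dir/authorized_keys"; do
        [ -e "$p" ] || continue
        if [ $(( 0$(stat -c '%a' "$p") & 022 )) -ne 0 ]; then
            echo "WRITABLE_BY_OTHERS $p"; bad=$((bad + 1))
        fi
    done
    # The ssh client refuses a private key that group or others can access.
    for key in "$dir"/id_*; do
        case $key in *.pub) continue ;; esac
        [ -f "$key" ] || continue
        if [ $(( 0$(stat -c '%a' "$key") & 077 )) -ne 0 ]; then
            echo "PRIVATE_KEY_EXPOSED $key"; bad=$((bad + 1))
        fi
    done
    return "$bad"
)

# Constructed demo: a throwaway directory with deliberately loose modes.
demo=$(mktemp -d)
mkdir "$demo/.ssh"
printf '#PubkeyAuthentication yes\nAuthorizedKeysFile .ssh/authorized_keys\n' > "$demo/sshd_config"
touch "$demo/.ssh/authorized_keys" "$demo/.ssh/id_rsa" "$demo/.ssh/id_rsa.pub"
chmod 700 "$demo/.ssh"; chmod 664 "$demo/.ssh/authorized_keys"
chmod 644 "$demo/.ssh/id_rsa" "$demo/.ssh/id_rsa.pub"
effective_sshd_option "$demo/sshd_config" PubkeyAuthentication yes
check_ssh_perms "$demo/.ssh" || echo "findings: $?"
rm -rf "$demo"
```

On a real server, point the functions at /etc/ssh/sshd_config and ~/.ssh; no output from check_ssh_perms means the modes set in step 7 are in effect.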

To log in to your server using SSH key authentication, follow these steps:

  1. Open a terminal window on your local machine.
  2. Type the following command: ssh username@server_ip_address
  3. If this is the first time logging in from this machine, you will be prompted to add the server to your list of known hosts. Type “yes” and press Enter.
  4. If you set a passphrase for your key pair, you will be prompted to enter it.
  5. You should now be logged in to your server using SSH key authentication.