Setup ssh keys for authentication

Introduction

The most well known authentication method is password. Usually password are created by humans and in most of the cases human choses weak passwords since are easy to remember. Most of the time these insecure passwords are in common hackers dictionaries. Some users use to solve the weak password using a password manager like KeePass which seems to be reasonable to use with webapps, however for SSH key authentication is better. SSH supports what is called key-based authentication, which is based in a secure key for authentication. This tutorial is for setting up OpenSSH server using keys authentication.

Client setup

Clients need to generation the key pairs (public and private). We will upload the public key to the SSH server later.

ssh-keygen

When generating the SSH keys you will be propted for a password. We recommend to use a new password for this step. This will avoid someone else to use your keys.

Upload public keys to server

Now we are going to use ssh-copy-id command to upload the keys. You could this step manually appending your public key (~/.ssh/id_rsa.pub) to the ~/.ssh/authorized_keys on the server.

ssh-copy-id [email protected]

A more secure SSH setup

This step is optional, however is recommended to disable password authentication (specially for root user) Open the file /etc/ssh/sshd_config and change PasswordAuthentication to "no" value.

PasswordAuthentication no

Make sure to test your ssh key authentication before restarting the SSH server!

sudo service ssh restart