How To Create SSH Keys For Login Authentication
Introduction
SSH keys provide a secure way to log in to Linux and Unix-based servers without typing your password. This is very useful for a system administrator who needs to automate tasks, run remote commands on servers, or copy files over SSH using rsync or scp.
Create your SSH keys
I will show you how to create your SSH keys for logging in to a remote server without a password.
Now, open a terminal or an SSH session to your jump server and run the following command to generate your SSH key pair:
ssh-keygen -t rsa
Note: You will be prompted to select a location for saving the keys that will be generated, and to type a secure passphrase. I use the defaults, so I just hit Enter 3 times.
An example of the output:
Generating public/private rsa key pair.
Enter file in which to save the key (/home/user/.ssh/id_rsa):
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /home/user/.ssh/id_rsa.
Your public key has been saved in /home/user/.ssh/id_rsa.pub.
The key fingerprint is:
44:5f:25:7c:f4:10:aa:e1:f4:00:01:43:4e:e8:bc:f5 user@localhost
The key's randomart image is:
+--[ RSA 2048]----+
| oo ...+. |
|.oo . .ooo |
|o .o. . .o . |
| o ...+o. |
| o .=.=S |
| . .Eo . |
| |
+-----------------+
It will create two new files:
/home/user/.ssh/id_rsa - contains your private key.
/home/user/.ssh/id_rsa.pub - contains your public key.
Copying the SSH Keys to the remote Server
The easiest way to copy your public key to an existing server is to use the utility called ssh-copy-id. Because of its simplicity, this method is recommended if available.
Use the command as follows:
ssh-copy-id username@hostname
The output should be something like this:
The authenticity of host '0.0.0.0 (0.0.0.0)' can't be established.
ECDSA key fingerprint is ad:fd:d4:d9:77:fe:73:84:e1:55:00:ad:d6:6d:22:re.
Are you sure you want to continue connecting (yes/no)? yes
Note: This will happen the first time you connect to a new host. Type “yes” and press ENTER to continue.
Next, you will be prompted for your password for the last time. Type it and press ENTER. Example of the output:
/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
username@0.0.0.0's password:
Note: Your typing will not be displayed for security purposes.
It will then copy the contents of your ~/.ssh/id_rsa.pub key into a file called authorized_keys in the remote account’s ~/.ssh directory. You will get an output like:
Number of key(s) added: 1

Now try logging into the machine, with: "ssh 'username@0.0.0.0'"
and check to make sure that only the key(s) you wanted were added.
Congratulations! Your public key has been uploaded to the remote server. Now you can SSH into the remote server without typing a password.
Manually copying your SSH Keys
If the ssh-copy-id utility is not installed on your system, you can still copy your public key as long as you have SSH access to the remote server. Use the following command:
cat ~/.ssh/id_rsa.pub | ssh username@hostname "mkdir -p ~/.ssh && chmod 700 ~/.ssh && cat >> ~/.ssh/authorized_keys"
In the line above, replace “username” with your actual user and “hostname” with the remote server address. It will prompt for your password; type it and hit Enter to finish.
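The manual one-liner appends the key again every time it is run and leaves authorized_keys with whatever mode the remote umask produces. The following is an added example, not part of the original tutorial: a server-side function that installs one public key line idempotently with 700/600 permissions and rejects anything that is not a single plain key line. The names install_pubkey and count_keys, the accepted key-type list, and the sample key are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: idempotent, permission-safe form of the manual copy step.
# install_pubkey and count_keys are hypothetical helpers, not OpenSSH tools.

# install_pubkey SSH_DIR PUBKEY_LINE
# Returns 0 if the key is present afterwards, non-zero if input is rejected.
install_pubkey() {
    ssh_dir=$1
    key=$2
    auth="$ssh_dir/authorized_keys"
    nl='
'
    # Reject empty or multi-line input: one call adds exactly one entry.
    case $key in
        ''|*"$nl"*) return 1 ;;
    esac
    # Accept only lines that start with a key type (list is an assumption),
    # so options such as command="..." cannot be placed before the key.
    case $key in
        ssh-rsa\ ?*|ssh-ed25519\ ?*|ecdsa-sha2-nistp???\ ?*) ;;
        *) return 1 ;;
    esac
    (
        umask 077
        mkdir -p "$ssh_dir" && chmod 700 "$ssh_dir" || exit 1
        touch "$auth" && chmod 600 "$auth" || exit 1
        # Append only if this exact line is not already installed.
        grep -qxF -- "$key" "$auth" || printf '%s\n' "$key" >> "$auth"
    )
}

# count_keys SSH_DIR: number of non-empty, non-comment entries.
count_keys() {
    grep -cv -e '^[[:space:]]*$' -e '^[[:space:]]*#' "$1/authorized_keys"
}

# Demo on a scratch directory with a constructed (not real) key line.
demo_dir=$(mktemp -d)
demo_key='ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIConstructedSampleNotARealKey user@localhost'
install_pubkey "$demo_dir/.ssh" "$demo_key"
install_pubkey "$demo_dir/.ssh" "$demo_key"   # second call adds nothing
echo "entries after two installs: $(count_keys "$demo_dir/.ssh")"
rm -rf "$demo_dir"
```

Running count_keys after an install is a quick way to follow the ssh-copy-id advice to check that only the key(s) you wanted were added.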
Conclusion
SSH keys for login authentication are the best way to do a passwordless remote login into your servers. Not only is passwordless auth safe to use, it might even be safer than the traditional username and password login. What do you think about it?
If you want to learn more about this tutorial or have any questions, feel free to send your comments down below.