If you often use ssh to connect to a remote host, one way to secure the connection is to use a public/private SSH key pair, since no password is transmitted over the network and the system is resistant to brute-force attacks.
Creating a public/private SSH key pair in Linux is very simple.
1. Open a terminal. Enter:
$ ssh-keygen -t rsa
An alternative is to use the Digital Signature Algorithm (DSA) to create a key:
$ ssh-keygen -t dsa
Note: There has been a lot of debate about which is safer, DSA or RSA. In my opinion, unless you are a fan of delving into technical details, there is not much difference between these technologies. Both work well.
2. You will be prompted to specify a place to save the key. By default, this is the .ssh folder in your home directory. To accept the default settings, just press “Enter”.
3. Next, you will be asked to enter a passphrase. This is not the passphrase for connecting to a remote host. This is the passphrase for unlocking the private key, so it will not help you access the remote server, even if your private key is stored on it. Entering a passphrase is optional. To leave it empty, just press “Enter”.
4. Now your public and private SSH keys should be generated. Open the file manager and go to the .ssh directory. You should see two files: id_rsa and id_rsa.pub.
5. Copy the id_rsa.pub file to your home directory on the remote host (assuming the remote host is running Linux). Connect to the remote host using SSH and move the public key to its target directory using the commands:
$ cat id_rsa.pub >> ~/.ssh/authorized_keys
$ rm id_rsa.pub
6. While still on the remote host, open the SSH configuration file:
$ sudo nano /etc/ssh/sshd_config
Ensure that the following attributes have the correct values:
RSAAuthentication yes
PubkeyAuthentication yes
PasswordAuthentication no
Press “Ctrl+O” to save the changes, then “Ctrl+X” to close the file.
7. Finally, restart the SSH server on the remote host:
$ sudo /etc/init.d/ssh reload
That’s all. Now you can connect to your remote host with the command:
$ ssh -i /path-to-private-key username@remote-host-ip-address
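The check below is an added example, not part of the original post: it audits the settings from step 6 and catches the case where a `PasswordAuthentication no` line is silently overridden by an earlier `yes`. The function names and the sample config are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit the sshd_config settings from step 6 before reloading.
# sshd keeps the FIRST value it reads for a keyword; keywords are
# case-insensitive; lines starting with '#' are comments.
# Assumption: a single config file (Include directives are not followed).

# Print the effective global value of keyword $2 in file $1 (empty if unset).
effective_value() {
    awk -v want="$2" '
        BEGIN { want = tolower(want) }
        /^[ \t]*(#|$)/ { next }               # comments and blank lines
        { key = tolower($1); sub(/=.*/, "", key) }
        key == "match" { exit }               # below here settings are conditional
        key == want {
            val = $0
            sub(/^[ \t]*[^ \t=]+[ \t]*=?[ \t]*/, "", val)   # strip keyword
            sub(/[ \t]+$/, "", val)
            print tolower(val); exit
        }' "$1"
}

# Return 0 only if key login is enabled and password login is disabled.
# OpenSSH defaults when a keyword is unset: both are "yes".
# RSAAuthentication is not checked: it applied to SSH protocol 1 only.
audit_sshd_config() {
    rc=0
    pubkey=$(effective_value "$1" PubkeyAuthentication)
    passwd=$(effective_value "$1" PasswordAuthentication)
    [ "${pubkey:-yes}" = "yes" ] || { echo "FAIL: PubkeyAuthentication $pubkey"; rc=1; }
    [ "${passwd:-yes}" = "no" ] || { echo "FAIL: PasswordAuthentication ${passwd:-yes}"; rc=1; }
    return $rc
}

# Constructed sample: the trailing "no" is ignored because "yes" is read first.
sample=$(mktemp)
printf '%s\n' '#PasswordAuthentication no' 'PasswordAuthentication yes' \
    'PubkeyAuthentication yes' 'PasswordAuthentication no' > "$sample"
audit_sshd_config "$sample" || echo "fix sshd_config before reloading sshd"
rm -f "$sample"
```

On the server, run `audit_sshd_config /etc/ssh/sshd_config`; `sudo sshd -t` additionally checks the file for syntax errors.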