Secure Shell (SSH) is a cryptographic network protocol for securely operating network services over an unsecured network. Key-based authentication is more secure than password authentication, as it uses cryptographic keys to verify identity.
Steps to Set Up Key-Based SSH Authentication
1. Generate SSH Key Pair (Client Side)
Run the following command on your local machine to generate an RSA key pair (public and private keys):
ssh-keygen -t rsa -b 4096 -C "[email protected]"
– You can optionally set a passphrase for added security.
2. Copy Public Key to Remote Server
Use `ssh-copy-id` to transfer your public key to the remote server:
ssh-copy-id username@remote_server_ip
Alternatively, manually append the public key (~/.ssh/id_rsa.pub) to `~/.ssh/authorized_keys` on the server.
3. Disable Password Authentication (Server Side – Optional but Recommended)
Edit the SSH configuration file on the server:
sudo nano /etc/ssh/sshd_config
Set the following parameters:
PasswordAuthentication no
PubkeyAuthentication yes
Restart the SSH service:
sudo systemctl restart sshd
4. Test SSH Key Authentication
Attempt to log in to the server:
ssh username@remote_server_ip
If configured correctly, you'll be logged in without a password prompt.
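The following added example (not part of the original post) checks that the step 3 edit actually takes effect: it reads an sshd_config the way sshd does (the first value for a keyword wins, and the global section ends at the first `Match` line) and reports whether logins are keys-only. The function names and sample files are constructed for illustration, and it assumes whitespace-separated directives and no Include files.

```shell
#!/bin/sh
# Added example: audit an sshd_config for the two settings from step 3.
# Assumes whitespace-separated "Keyword value" lines and no Include files;
# on a real server, `sshd -T` reports the authoritative effective values.

# Print the value sshd would use for yes/no keyword $2 in file $1.
# sshd keeps the FIRST value it reads for a keyword, keywords are
# case-insensitive, and lines after "Match" apply only conditionally.
yesno_setting() {
    awk -v want="$2" '
        BEGIN { want = tolower(want) }
        $1 ~ /^#/ { next }                         # skip comment lines
        tolower($1) == "match" { exit }            # end of global section
        tolower($1) == want {
            print (NF == 2 ? tolower($2) : "malformed"); exit
        }' "$1"
}

# Succeed only if password logins are off and public-key logins are on.
# Unset keywords fall back to the OpenSSH defaults (both "yes").
keys_only() {
    pw=$(yesno_setting "$1" PasswordAuthentication)
    pk=$(yesno_setting "$1" PubkeyAuthentication)
    [ "${pw:-yes}" = no ] && [ "${pk:-yes}" = yes ]
}

# Constructed sample configs (not taken from a real host), written to dir $1.
write_samples() {
    printf '%s\n' 'PasswordAuthentication no' 'PubkeyAuthentication yes' \
        > "$1/good.conf"
    # Both directives on one line: sshd does not read this as two settings.
    printf '%s\n' 'PasswordAuthentication no PubkeyAuthentication yes' \
        > "$1/oneline.conf"
    # "no" appended at the end while an earlier "yes" is still active.
    printf '%s\n' 'PasswordAuthentication yes' '# added later' \
        'PasswordAuthentication no' > "$1/shadowed.conf"
    # "no" placed after a Match line applies only to that user.
    printf '%s\n' 'Match User backup' '    PasswordAuthentication no' \
        > "$1/matchonly.conf"
}

dir=$(mktemp -d)
write_samples "$dir"
for f in good oneline shadowed matchonly; do
    if keys_only "$dir/$f.conf"; then r=keys-only; else r=NOT-keys-only; fi
    echo "$f.conf: $r (PasswordAuthentication=$(yesno_setting "$dir/$f.conf" PasswordAuthentication))"
done
rm -rf "$dir"
```

On a live server, `sudo sshd -t` validates the file before the restart and `sudo sshd -T` prints the effective settings. Keep your current session open until the step 4 login succeeds.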
You Should Know:
- Back Up Your Private Key – Losing it means losing access. Store it securely.
- Use Strong Passphrases – Even if the private key is stolen, a passphrase adds an extra layer of security.
- Agent Forwarding (For Advanced Users) – Use `ssh -A` to forward your SSH agent when hopping between servers; the private key itself stays on your local machine.
- Revoking Access – To remove a user's access, delete their key from ~/.ssh/authorized_keys.
- Alternative Key Types – For better security, consider ED25519 keys:
ssh-keygen -t ed25519 -a 100
What Undercode Say:
Key-based SSH authentication is a fundamental security practice in Linux and DevOps. Beyond basic setup, consider:
– Fail2Ban – Protects against brute-force attacks:
sudo apt install fail2ban
– SSH Hardening – Restrict users and IPs in /etc/ssh/sshd_config:
AllowUsers your_username
AllowGroups ssh_users
– Audit SSH Logs – Monitor login attempts:
sudo grep "Failed password" /var/log/auth.log
– Windows SSH Key Setup – Use `ssh-keygen` in PowerShell or WSL, then transfer keys via scp.
For automation, integrate SSH keys with Ansible or Terraform for seamless server management.
Expected Output:
A secure, password-less SSH login with audit and hardening measures in place.
References:
Reported By: Kinge Hans – Hackers Feeds