Secure Shell (SSH) is a cryptographic network protocol that provides secure communication over an insecure network. SSH is widely used for remote login, file transfer, and remote command execution. One of the key features of SSH is its ability to use public key authentication, which provides stronger security than password authentication. In this article, we’ll show you how to enable public key authentication in SSH.
What is Public Key Authentication?
Public key authentication is a method of authentication that uses a key pair instead of a password. The key pair consists of a private key and a public key. The private key is kept secret, and the public key is shared with others. When a user tries to authenticate, the server sends a challenge to the user. The user signs the challenge with their private key and returns it to the server. The server verifies the signature with the user’s public key. If the verification succeeds, the user is authenticated.
Public key authentication is more secure than password authentication because the private key is kept secret and never transmitted over the network. It also eliminates the risk of password brute-force attacks.
Generating a Key Pair
To use public key authentication, you need to generate a key pair. You can do this using the ssh-keygen
command. This command generates a private key and a public key.
To generate a key pair, open a terminal and type:
ssh-keygen
The command prompts you to enter a file name to save the key. You can accept the default file name or enter a different name. You’ll also be prompted to enter a passphrase. A passphrase is an extra layer of security that encrypts the private key.
After you’ve generated the key pair, you’ll have two files: a private key and a public key. The private key should be kept secret and never shared. The public key can be shared with others.
Adding the Public Key to the Server
To use public key authentication, you need to add the public key to the server. You can do this by appending the public key to the authorized_keys
file on the server.
To append the public key to the authorized_keys
file, use the following command:
cat ~/.ssh/id_rsa.pub | ssh user@server "mkdir -p ~/.ssh && cat >> ~/.ssh/authorized_keys"
Replace user
with your username and server
with the server’s hostname or IP address.
The cat
command reads the contents of the public key file (~/.ssh/id_rsa.pub
) and pipes it to the ssh
command. The ssh
command logs into the server and creates the ~/.ssh
directory if it doesn’t exist. It then appends the public key to the authorized_keys
file.
If you have multiple public keys, you can append them all to the same authorized_keys
file.
Configuring SSH to Use Public Key Authentication
To configure SSH to use public key authentication, you need to edit the sshd_config
file on the server. This file is usually located in /etc/ssh/sshd_config
.
Open the sshd_config
file in a text editor and look for the following lines:
#PubkeyAuthentication yes
#AuthorizedKeysFile .ssh/authorized_keys
Uncomment the PubkeyAuthentication
and AuthorizedKeysFile
lines by removing the #
at the beginning of the lines. If the lines don’t exist, add them to the file.
The PubkeyAuthentication
line enables public key authentication and the AuthorizedKeysFile
line specifies the location of the authorized_keys
file.
After making the changes, save the file and restart the SSH server:
sudo systemctl restart sshd
Testing Public Key Authentication
To test public key authentication, try to log in to the server using SSH. If everything is set up correctly, SSH should authenticate you using your public key.
To log in using SSH, type the following command:
ssh user@server
Replace user
with your username and server
with the server’s hostname or IP address.
If SSH asks you for a password, something is wrong with your configuration. Check that the public key is in the authorized_keys
file and that the sshd_config
file is configured correctly.
If SSH authenticates you without asking for a password, public key authentication is working.
Conclusion
Public key authentication provides stronger security than password authentication and eliminates the risk of password brute-force attacks. By following the steps in this article, you can enable public key authentication in SSH and improve the security of your system.
Remember to keep your private key secure and never share it with anyone. If you suspect your private key has been compromised, generate a new pair and replace the old one.
For more information about SSH and public key authentication, check out the following resources:
📕 Related articles about Linux
- How to list processes by user and group in Linux
- How to change system hostname in Linux
- How to Create RAR File Archive in Linux
- How to restore MBR from backup in Linux
- How to add user to group in Linux
- How to check disk size and usage in Linux