Table of contents
Base configuration
Configuring ssh key-based authentication isn't complicated. However, after configuring it, you will spend less time connecting to your remote machine.
To connect using ssh key-based authentication, we need to generate RSA keys. One public and another private. The private key will stay in place, and the public key will be copied to the remote machine.
Let's generate keys first. For this, we will use
On your local computer, run this command:
ssh-keygen -t rsa -b 4096
-t - The type of key.-b - The key length. The default value for RSA is 3072.
After key generation, if you list
id_rsa - Is the private key.id_rsa.pub Is the public key.
Now we need to copy the public key to the remote computer.
There are many tools to achieve this. However, I prefer to use the old way with
scp ~/.ssh/id_rsa.pub obaranovskyi@192.168.99.113:~/.ssh
~/.ssh/id_rsa.pub is the location of the public key on your local computerobaranovskyi - is the hostname of the remote computer: - just a separator~/.ssh - folder where you want to copy your public key
If it's the first time you are connecting to this machine, it will ask the following question:
Are you sure you want to continue connecting (yes/no/[fingerprint])?
You have to type
On the remote computer, you have to append your public key to a file called
cat ~/.ssh/id_rsa.pub >> ~/.ssh/authorized_keys
We're done. Now we can try to connect to the remote computer with the base ssh command:
ssh obaranovskyi@192.168.99.113
It shouldn't ask for a password, but login right away.
Turn off the password authentication
One thing to consider is removing password authentication.
To do so, we need to uncomment
/etc/ssh/sshd_config:
...
PasswordAuthentication no
...
After you turn off the password authentication, you need to restart the ssh service
sudo service ssh restart
If you try to connect through ssh but from a computer that doesn't have your ssh keys, it won't let you in.
