Setting up authorization on the server with SSH key.

Creating SSH keys for secure login to your server

If you decide to set up ssh key authentication on the server, the first thing to do is to generate secret and public RSA keys.

Once generated, the public key is copied to the server and the secret key remains stored on the local computer.

To generate key pairs run the command:

ssh-keygen -t rsa -b 2048

The program prompts you to specify the directory where the key files will be saved and asks you to enter a secret phrase

Press Enter to use the default settings, then the program will save the keys to the directory .ssh in the user's home directory

To go to the directory with the keys, run the command:

cd ~/.ssh

There will be two files in the directory:

  • id_rsa - secret key

  • id_rsa.pub - public key

Copy the secret key file to a safe place and transfer the public key to the server.

Enter the generated public key into the authorized keys of the server. To do that, copy the contents of id_rsa.pub to the end of the file authorized_keys:

cat id_rsa.pub >> ~/.ssh/authorized_keys

Set up ssh authorization by key in the OpenSSH server config:

nano /etc/ssh/sshd_config

Match the current settings with the parameters below:

PubkeyAuthentication yes
AuthorizedKeysFile %h/.ssh/authorized_keys
RhostsRSAAuthentication no
HostbasedAuthentication no
PermitEmptyPasswords no

To disable password login, change the value of the parameter:

UseLogin no

Set permissions:

chmod 700 ~/.ssh/
chmod 600 ~/.ssh/authorized_keys

Next, restart the ssh server.

service sshd restart

This completes the server setup.

Setting up ssh authorization by key in Linux

For ssh key authorization in Linux, create a file ~/.ssh/config and copy the lines below into it. Then specify the server address and the location of the secret key file by analogy.

Host server.net
IdentityFile ~/.ssh/keys/id_rsa

Set permissions on the file:

chmod 600 ~/.ssh/config

To login to the server using SSH authorization by key, run the command:

ssh [email protected]

If you want to manually specify the location of the key, run the command:

ssh -i ~/.ssh/id_rsa [email protected]
Need help?Our engineers will help you free of charge with any question in minutesContact us