Setting up SSH keys for authentication


Here are the steps to add an SSH key for authentication on a Linux machine.

An SSH keypair is a combination of a public key, which you can share with your remote machines, and a private key, which you should store securely and use for accessing those machines. Keypairs offer better security than passwords and spare you the effort of remembering a different password for each server you log on to.

Generating a keypair

You can generate a key pair by using the ssh-keygen command:

ssh-keygen -t rsa -b 4096

This generates a keypair as two files: the private key (by default ~/.ssh/id_rsa) and the public key (~/.ssh/id_rsa.pub).

Remember that you should keep your private key secure and protected.

Authorizing your SSH key on a remote server

To use your SSH key for authentication, you should add your public key to the remote machine's authorized keys.

It’s a file in the ~/.ssh folder:

~/.ssh/authorized_keys

Edit that file and add your public key (usually the contents of the .pub file) as a single line in authorized_keys:

vim ~/.ssh/authorized_keys

Your public key will look something like this:

ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDFM9wOKgSxS1WlsOYMqScJuvwyJQ1cKD7Vqh46+LwuxTo0mVKs25JKrn6F0Wn7Ua3Ghb3BiW7BzLWm9kh3/0X6R+lvJe52g/bO347JzUBsZC8kiwz2IuYgwyAT9eILBcVCcuSKisPTTFlhlzOonKefQvRmECzbdLxJR0xn30Z18tVtdazwexPU46/EwlKhB0TWfCtm8LuOMbAIhIK61z8dgL+BB0pHfzeuJdbhbqDFNq9sF8B80lNEmhq7pFyTOyb1isXvLKbVzyp1uLWJJUgQMZYhem4XCltosjr7EvDlPEfW6pQXskyJGOJ1U4BUZrMxYzBaFYwQp8syqTfgm4Vf admin@ubuntu

You can add more than one authorized key per user; just put each of them on a new line.
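
A scripted alternative to the manual edit above, as an added example that is not part of the original article. The helper name authorize_key and the list of accepted key types are assumptions. It refuses private key files, sets the owner-only permissions sshd expects, and does not add the same key twice.

```bash
# authorize_key is a hypothetical helper name, not an OpenSSH command.
# Usage: authorize_key <public-key-file> [ssh-dir]   (ssh-dir defaults to ~/.ssh)
authorize_key() {
    local pub_file="$1" ssh_dir="${2:-$HOME/.ssh}"
    local auth_file="$ssh_dir/authorized_keys"
    local key_type key_blob comment

    [ -r "$pub_file" ] || { echo "cannot read $pub_file" >&2; return 1; }

    # Catch the classic mistake of handing over id_rsa instead of id_rsa.pub.
    case $(head -n 1 "$pub_file") in
        -----BEGIN*) echo "refusing: $pub_file looks like a private key" >&2; return 2 ;;
    esac

    # A public key is exactly one line: "<type> <base64-data> [comment]".
    [ "$(grep -c '' "$pub_file")" -eq 1 ] || { echo "expected a single line" >&2; return 2; }
    read -r key_type key_blob comment < "$pub_file" || true

    # Common OpenSSH key types; extend the list if you accept others.
    case $key_type in
        ssh-rsa|ssh-ed25519|ecdsa-sha2-nistp256|ecdsa-sha2-nistp384|ecdsa-sha2-nistp521) ;;
        *) echo "unsupported key type: $key_type" >&2; return 2 ;;
    esac
    case $key_blob in
        ''|*[!A-Za-z0-9+/=]*) echo "key data is not base64" >&2; return 2 ;;
    esac

    # sshd's StrictModes option (on by default) refuses key login when these
    # are writable by other users, so set owner-only permissions.
    mkdir -p "$ssh_dir" && chmod 700 "$ssh_dir"
    touch "$auth_file" && chmod 600 "$auth_file"

    # Already present? Compare type and data only, so a changed comment
    # does not create a duplicate entry.
    if grep -qF -- "$key_type $key_blob" "$auth_file"; then
        echo "key already authorized"
        return 0
    fi

    # Avoid gluing the new key onto an unterminated last line.
    if [ -s "$auth_file" ] && [ -n "$(tail -c 1 "$auth_file")" ]; then
        echo >> "$auth_file"
    fi
    printf '%s\n' "$key_type $key_blob${comment:+ $comment}" >> "$auth_file"
    echo "key added to $auth_file"
}
```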

Connecting using SSH keys

Now that you have the public key authorized, you can connect over SSH using the keypair for authentication.

To connect from your computer to a remote server using the keypair, you can use ssh:

ssh -i ~/.ssh/id_rsa admin@your-server-ip-address

The -i flag points to the private key to be used. By default your SSH client will try the default key name, id_rsa, so if you haven’t changed it, you don’t need to specify it.

Tips

Generate a personal keypair and deploy your public key to the servers you need to access. It is safe to share your public key with other people. The one you should never share is your private key.

Don’t be fooled into using a team/company-wide shared keypair. That doesn’t make much sense. Ask every member to generate a personal keypair and to provide you with their public key so that you can deploy it to the servers and authorize their access.

Using keypairs for authentication is a basic security measure for your servers. Generally it gives you more secure and manageable access control for SSH.