How to Set Up SSH Key Authentication on Your Server
Updated On: Oct. 23, 2024 Author: Kevin

How to Set Up SSH Key Authentication on Your Server

Secure Shell (SSH) is a widely used protocol for securely accessing and managing remote servers. While password authentication has been a common method for SSH access, it poses certain security risks, such as susceptibility to brute-force attacks or credential theft. By transitioning to SSH key authentication, you enhance the security of your server significantly. This method utilizes cryptographic key pairs to establish a secure connection, making it much more difficult for unauthorized users to gain access. In addition to bolstering security, SSH key authentication provides a more convenient way to manage server connections, allowing for password-less logins once set up. In this tutorial, we will guide you through the step-by-step process of configuring SSH key authentication on your server, ultimately securing your server against potential threats while streamlining your access experience.

 

Step 1: Edit the SSH Configuration File on Server

sudo nano /etc/ssh/sshd_config

 

Step 2: Modify Password Authentication on Server

Locate the line that contains PasswordAuthentication and uncomment or change it to:

PasswordAuthentication yes

 

Step 3: Restart the SSH Service on Server

After saving the changes, restart the SSH service with the following command:

sudo systemctl restart ssh.service

 

Step 4: Generate SSH Keys on the Client

You can generate one of the following types of SSH keys:

ssh-keygen -t rsa -b 4096
ssh-keygen -t dsa
ssh-keygen -t ecdsa -b 521
ssh-keygen -t ed25519

 

Step 5: Copy the Public Key to the Host Server from Client

Use the following command to copy your public key to the server. Replace user and host with your actual username and server address:

ssh-copy-id -i ~/.ssh/key-ecdsa user@host

 

Step 6: Revert Password Authentication on Server

Once you have successfully copied your key, change PasswordAuthentication back to no:

PasswordAuthentication no

 

Step 7: Restart the SSH Service Again on Server

Restart the SSH service to apply the changes:

sudo systemctl restart ssh.service

 

Step 8: Test Your SSH Connection from Client

Now, you can test your SSH connection using your private key. If everything is configured correctly, you should be able to connect without entering a password.

 

Note

If you change the SSH key name from the default, you will need to update it in the sshd_config file on the server.

 

References

For more information on generating SSH keys, visit SSH Key Generation.