How to set up SSH Public-key Authentication to Connect to a Remote Server

Introduction

SSH is a free, open-source, and secure protocol used for managing remote servers via command-line interface. It is often used by the system administrators to connect and manage remote Linux servers. There are two ways to connect remote SSH servers, password-based authentication and key-based authentication.

Public Key Authentication is a secure method to log in to a remote server without providing a password. This method uses a cryptographic key pair for validation. It helps you to prevent brute force attacks. In this method, only users with a public key can able to connect to a server.

SSH key pairs are stored in plain-text files and consists of two parts:

• Private Key - The private key is created with the name id_rsa and store on your local system.

• Public Key - The Public key is created with the name id_rsa.pub. You will need to copy this key to the remote server you intend to log in to.

In this post, we will show you how to set up public-key authentication to connect to a remote Linux server.

Requirements

• A server running Ubuntu 20.04 operating system.

• A root password is set up on your server.

Generate an SSH Key Pair

In order to configure SSH key authentication, you will need to generate an SSH key pair on your local system. You can generate a key pair using the RSA algorithm.

ssh-keygen -t rsa

You will be asked to supply a filename and location of the file as shown below:

Generating public/private rsa key pair. Enter file in which to save the key (/root/.ssh/id_rsa):

Leave it default and press Enter. You will be asked to provide a password to protect your private key file:

Enter passphrase (empty for no passphrase): Enter same passphrase again:

Just press Enter to generate a key pair as shown below:

Your identification has been saved in /root/.ssh/id_rsa. Your public key has been saved in /root/.ssh/id_rsa.pub. The key fingerprint is: b2:fb:b5:16:99:02:ca:00:d1:f1:6b:99:81:ab:74:83 root@newpc The key's randomart image is: +--[ RSA 2048]----+ |.o.. | |. .o | | .. o | | o. =. | | E.==...S o | |....+ o. + | |. . ... | | . ... | | ..... | +-----------------+

You can check the generated keys using the following command:

ls -l ~/.ssh/

You should see both keys in the following output:

-rw------- 1 root root 1675 Sep 18 12:30 id_rsa -rw-r--r-- 1 root root 392 Sep 18 12:30 id_rsa.pub -rw-r--r-- 1 root root 3108 Aug 25 16:59 known_hosts

Copy a Public Key to a Remote Server

There are several ways to copy a public key to the remote server. Here, we will show you two methods to copy a public key to the remote server.

Copy a Public Key Using ssh-copy-id

The simple and easiest way to copy your public key to the remote server is to use a ssh-copy-id command utility.

Run the following command to copy your public key to the remote server:

ssh-copy-id root@remote_host

You will be asked to provide a password of remote server as shown below:

The authenticity of host 'remote_host (remote_host)' can't be established. ECDSA key fingerprint is 47:86:4c:84:08:42:cb:2e:bb:99:d4:ae:22:59:3a:b5. Are you sure you want to continue connecting (yes/no)? yes /usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed /usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys root@remote_host's password:

Provide your root password and hit Enter. You should get the following output:

Number of key(s) added: 1 Now try logging into the machine, with: "ssh 'root@remote_host'" and check to make sure that only the key(s) you wanted were added.

Copy a Public Key Using SSH

You can also use the SSH command to copy your public key to the remote server.

Run the following command to copy your public key to the remote server:

cat ~/.ssh/id_rsa.pub | ssh root@remote_server "cat >> ~/.ssh/authorized_keys"

Verify SSH Key-based Authentication

At this point, SSH key-based authentication is configured between your local system and remote server. You can now verify it using the following command:

ssh root@remote_host

If everything is fine, you can log in to a remote server without providing any password:

Welcome to Ubuntu 20.04 LTS (GNU/Linux 5.4.0-29-generic x86_64) * Documentation: https://help.ubuntu.com * Management: https://landscape.canonical.com * Support: https://ubuntu.com/advantage Last login: Sat Sep 18 05:56:08 2021 from 106.222.22.32 root@ubuntu2004:~#

Disable Password Authentication on Remote Server

At this point, you have successfully configured SSH key-based authentication. However, your password-based authentication is still enabled on remote servers. So it is a good idea to disable the password authentication on a remote server.

You can disable the password authentication on remote server by editing /etc/ssh/sshd_config file:

nano /etc/ssh/sshd_config

Change the following line:

PasswordAuthentication no

Save and close the file then restart the SSH service to apply the changes:

systemctl restart ssh

Conclusion

Congratulations! you have successfully configured SSH key-based authentication between your local system and remote Linux server. You can now log in to the remote server without providing a root account password.