These instructions should work similarly in most Unix/Linux command-line environments. This was tested on Ubuntu LTS 20
Public Key Authentication offers a stronger and safer way to access your server compared to using passwords. Instead of just typing a password, this method uses two special keys — one called a private key, which is like a secret code that stays safe on your computer, and another called a public key, which is stored on the server you're trying to access.
How It Works:
Private Key: This key is yours and should never be shared with anyone. It’s like your personal digital signature that proves it’s really you trying to connect. You keep it stored securely on your device.
Public Key: This key is placed on the server you want to log into. It’s a little like leaving your signature with the server so it knows to expect you.
When you log in, the server creates a challenge using the public key. Your computer responds with a solution that can only be generated using your private key. If the response is correct, the server knows it’s really you and lets you in — no password required!
This system is much more secure than passwords because even if someone steals the public key or guesses your password, they still can’t log in without the private key that only you have.
- Generate SSH Key Pair: If you don't already have an SSH key pair (public and private keys), you can generate one on your local system using the ssh-keygen command. Open a terminal and type the following command.
ssh-keygen -t ed25519 -C "your_email@example.com"
- Replace "your_email@example.com" with your email address. Press Enter to accept the default file location, then set a passphrase when prompted; this is optional but recommended for added security.
- Using a passphrase with your SSH key ensures that even if your key were somehow stolen, it cannot be used without the required passphrase.
- This will generate two files in the .ssh folder of your user home directory (i.e. id_ed25519 and id_ed25519.pub).
- The file without the .pub extension is your private key, and it must be kept secure. The public key, which has the .pub extension, can be shared; this is what you will place on the server to authenticate yourself.
- Copy Public Key to Server: Once the key pair is generated, you'll need to copy the public key to your server. You can use the ssh-copy-id command for this. Replace username and server_ip with your username and server IP address respectively:
ssh-copy-id username@server_ip
- Alternatively, Manually Add Public Key: If ssh-copy-id is not available, you can manually add the public key to the ~/.ssh/authorized_keys file on your server. You can do this by copying the contents of your local ~/.ssh/id_ed25519.pub file and appending it to the ~/.ssh/authorized_keys file on the server. You can use a text editor like nano or vim to edit the file.
- Set Correct Permissions: If you created them manually, ensure that the ~/.ssh directory and the ~/.ssh/authorized_keys file on your server have the correct permissions. You can set the permissions using the following commands (this sets the permissions so that only your user can read and write to that directory and file):
chmod 700 ~/.ssh
chmod 600 ~/.ssh/authorized_keys
- Test SSH Connection: Finally, test the SSH connection to ensure that public key authentication is working correctly. Open a new terminal window and attempt to SSH into your server.
- You should be able to log in without your password. If the SSH key was created with a passphrase, you will be prompted to enter it to use the key.
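
The manual "add public key" and "set correct permissions" steps above can be combined into one repeatable script to run on the server once the .pub file has been transferred there. This is an added example, not part of the original instructions; the function names and the optional home-directory argument are assumptions made for illustration.

```bash
#!/usr/bin/env bash
# Added example, not from the original page. Function names and the
# optional HOME_DIR argument are assumptions made for illustration.

# Print the 10-character mode string of a path, e.g. drwx------ (700).
mode_of() { ls -ld "$1" | cut -c1-10; }

# install_pubkey PUBKEY_FILE [HOME_DIR]
# Run on the server as the login user, after transferring the .pub file.
install_pubkey() {
    local pub="$1" home="${2:-$HOME}" line
    local dir="$home/.ssh" auth="$home/.ssh/authorized_keys"

    [ -r "$pub" ] || { echo "cannot read $pub" >&2; return 1; }
    # Refuse a private key supplied by mistake.
    if grep -q -e '-----BEGIN' "$pub"; then
        echo "$pub looks like a private key; refusing" >&2; return 2
    fi
    # Take the first line shaped like an ed25519 public key.
    line=$(grep -m1 -E '^ssh-ed25519 [A-Za-z0-9+/=]+( .*)?$' "$pub") ||
        { echo "no ssh-ed25519 public key in $pub" >&2; return 3; }

    # Create directory and file so they are never group/world readable.
    ( umask 077; mkdir -p "$dir" && touch "$auth" ) || return 4
    # If the file lacks a trailing newline, add one so keys do not merge.
    [ -s "$auth" ] && [ -n "$(tail -c 1 "$auth")" ] && echo >> "$auth"
    # Append only if this exact line is absent (safe to re-run).
    grep -qxF -- "$line" "$auth" || printf '%s\n' "$line" >> "$auth"
    chmod 700 "$dir" && chmod 600 "$auth"
}

# check_ssh_perms [HOME_DIR]: succeeds only for modes 700 and 600.
check_ssh_perms() {
    local home="${1:-$HOME}"
    [ "$(mode_of "$home/.ssh")" = "drwx------" ] &&
        [ "$(mode_of "$home/.ssh/authorized_keys")" = "-rw-------" ]
}
```

For example, `install_pubkey ~/id_ed25519.pub && check_ssh_perms` installs the key for the current user and confirms the resulting permissions.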