Linux - SSH Key Authentication
One of the most secure ways to connect to a system is SSH key authentication which, combined with good firewall rules, can prevent all sorts of attacks.
Step 01 - Creating the Keys
Let's generate a key pair with the command below :
ssh-keygen -b 4096 -t rsa -C "Home - Desktop" -N your_password
I like to add a comment and a password to my key. The password might add an extra step when logging in, but if the key file is left unprotected and gets leaked, it is the password that will protect your keys.
Let's break down the options used in our command :
-b - bits of the key.
-t - type of the key.
-C - A comment is useful when using a key manager.
-N - Defines the password. It is recommended to clear your history after the command with the command history -c.
The keys will be generated by default in the following folder :
/home/user/.ssh/id_rsa - for the private key.
/home/user/.ssh/id_rsa.pub - for the public key.
Step 02 - Configure the SSH Service
Edit your configuration file as follows :
Step 03 - Allow the Keys
We need to allow the login of our recently created pair of keys :
Restart the SSH service.
sudo service ssh restart
We are now able to SSH into our servers with the recently created keys and no other form of login is allowed.
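To check that a configuration really leaves keys as the only way in, the following added example (not part of the original page) audits an sshd_config-style file. The function names and the sample file are assumptions made for illustration, and only the global section is read (no Match blocks or Include files).

```shell
#!/bin/sh
# Added example: audit an sshd_config-style file for key-only login.
# sshd keeps the FIRST value it reads for a keyword, keywords are
# case-insensitive, and an absent keyword falls back to its default.

# effective_value FILE "KEYWORD[|ALIAS]" DEFAULT -> prints the global value
effective_value() {
    awk -v want="$2" -v def="$3" '
        BEGIN { want = "|" tolower(want) "|" }
        /^[ \t]*#/ || NF == 0 { next }        # skip comments and blank lines
        tolower($1) == "match" { exit }       # global section ends at first Match
        index(want, "|" tolower($1) "|") { print tolower($2); found = 1; exit }
        END { if (!found) print def }
    ' "$1"
}

# audit_sshd_config FILE -> returns 0 only if public keys are the sole method
audit_sshd_config() {
    rc=0
    [ "$(effective_value "$1" PubkeyAuthentication yes)" = yes ] ||
        { echo "FAIL: PubkeyAuthentication is not yes"; rc=1; }
    [ "$(effective_value "$1" PasswordAuthentication yes)" = no ] ||
        { echo "FAIL: PasswordAuthentication is not no"; rc=1; }
    # ChallengeResponseAuthentication is the older alias of this keyword.
    kbd='KbdInteractiveAuthentication|ChallengeResponseAuthentication'
    [ "$(effective_value "$1" "$kbd" yes)" = no ] ||
        { echo "FAIL: keyboard-interactive login is not disabled"; rc=1; }
    return $rc
}

# Constructed sample (not from the page): an earlier "yes" line wins over the
# later "no", and keyboard-interactive login is left at its default of yes.
sample=$(mktemp)
printf '%s\n' '# constructed sample' 'PubkeyAuthentication yes' \
    'passwordauthentication yes' 'PasswordAuthentication no' > "$sample"
audit_sshd_config "$sample" || echo "sample config still allows non-key logins"
rm -f "$sample"
```

On a live server, sudo sshd -T prints the effective configuration, which can be saved to a file and passed to audit_sshd_config.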