HOWTO : SSH to use RSA key for login

ssh-keygen -t rsa -b 2048

or

ssh-keygen -t rsa -b 4096

“Enter file in which to save the key (/home/samiux/.ssh/id_rsa): (Hit Enter)”

Press “Enter”

“Enter passphrase (empty for no passphrase):”

Enter your password twice.

nano /home/samiux/.ssh/id_rsa.pub

Copy the content.

SSH to your server. At the username directory.

sudo mkdir .ssh

sudo nano /home/username/.ssh/authorized_keys

Then pasted the previous copied key onto the authorized_keys file. Save it.

Still at the server.

sudo nano /etc/ssh/sshd_config

Change the following settings as is.

AuthorizedKeysFile %h/.ssh/authorized_keys
IgnoreUserKnownHosts yes
PasswordAuthentication no
#UseLogin no
UsePAM no

sudo /etc/init.d/ssh restart

When you login to the server again, you will ask for your RSA key passphrase once. Later, you will not be asked for any passphrase or password.

Advertisements

2 Responses

  1. Some things mentioned above may be obvious to those who are already familiar with Linux, but, like myself – someone who is just learning and is looking for ways to make their server a bit more secure, some of your recommended settings leave doubts to the reader.

    You lost me after “enter your password twice.”

    What am I supposed to do after? And what exactly are you supposed to copy, and paste where? I already have an existing .ssh directory, containing two files. I wasn’t sure to edit, so I just left it as it was. You also didn’t mention the difference between 2048 or 4096 – what does that mean? Is that the strength of the key generated?

    Sorry about the negative criticism, but I’m hoping you can clarify your instructions, so I (and the rest of us Linux noobs) can use them.

    Thanks.

Leave a Reply

Please log in using one of these methods to post your comment:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: