Howto Login to servers using SSH keys authentication

ssh keys authentication
Please follow and like us:

Using public key authentication is far more secure and smart way to manage server authentication. And it is quite easy to implement and use. Fortunately, unix/linux terminals allow users to create public/private SSH keys combination that can be used to authenticate and login to servers without any hassle.

The traditional SSH authentication using the combination of username/password is good but really not that secure anymore. The passwords can be guessed or even broken using brute force attack. At times even a compromised terminal can give away the passwords to hackers.

This is the first article in the series on “Systems Security”. The complete list of articles in the System Security series are listed below.

  1. How to setup SSH keys based authentication (current article)
  2. How to disable password based authentication
  3. How to setup UFW Firewall

Advantages of SSH Keys

  • Brute force fail: The biggest advantage of SSH keys is that the brute force attack will simply not work as it is close to impossible to guess the private key. Secondly, even if username/password combination is leaked, it will not matter as the keys will also need to match.
  • Username/Passwords can be lost. Keys are not: If you are like me, you are probably managing dozens of servers in the cloud. And at times it is not easy to remember all the different usernames and their corresponding passwords. And if we forget one, it is a cumbersome process to go through console to retrieve one. But with SSH keys, there is no such need.
  • Create once. Use hundreds of time: The private key is created once and is only saved on your machine safely. While the public key can be copied and shared as many systems as you like.

So here we explain the simple methods of generating SSH keys for authentication for Linux/Mac based machines.

Generate SSH Private Key

The first step is to create a private key on your Unix/Linux/Mac OSX based system. This is usually the machine from where you will be logging onto the servers. We assume it is your regular desktop. However, it could very easily be an online Linux machine. The steps are the same.

ssh-keygen is the little bash command that generates the key pair and manages it.

-t option is to specify what type of encryption to use to generate the key

rsa is the key encryption method.

It will then ask you to save the key. It is usually in .ssh folder within your home directory and the filename will be id_rsa. Something similar to the following:

/your/home/folder/ will vary based on your system. On Mac it could be

Either way, choose the default location. Hence, id_rsa is your private key.

Next it will ask you to enter a passphrase. Its sort of like a password but only longer and something that you can remember easily. This is important. Even if your Private key gets compromised, the hacker cannot use it to log into systems until they also get access to passphrase. So make sure you enter something that you can easily remember.

Once you press enter, it will generate the public key and save it to the following location with filename

That’s it. You have successfully generated the public and private keys. In the next step you will upload these keys to the server.

Upload Public Key to the Server

Now that we have the keys generated and saved. It is time to share/upload them to the servers where we want to log in without passwords. For this we will use the command called ssh-copy-id

And voila, you are all set. Now you should be able to log into the server with SSH key authentication rather than username and password method.

The above command will prompt you for your passphrase and then will let you in.

This is it. Enjoy using ssh key authentication over username and password onto your servers.

Once you have done the above successfully, we recommend that you go on and read the tutorial on How to Disable Password Based Authentication. This is the next tutorial in the “Systems Security” series on XenStreet and details how to do it.


Please follow and like us:

Techie by day, blogger by night. Love the outdoors, enjoy traveling and building new and interesting things. Follow me if you want to know something.

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.