SSH/SFTP Authentication with SSH Private Key
Create SSH Key Pair
Logging in to an SSH server with a password is a lot less secure than using a key, and it also lets others try to brute-force the password.
This is why the private/public key authentication method is recommended instead.
Since this method uses an SSH private/public key pair, you have to generate it first. After you run ssh-keygen, it will ask you for a password, which is used to encrypt the private key.
If you provide no password, the private key is stored unencrypted.
I would strongly recommend entering one: since the key is stored in the file system, it is easy to copy for anyone who has access to your computer.
!!! Never send your SSH private key to anyone or save it in a public place.
Copy SSH Public Key to the Server
Let's say you have a server with the domain name server.com and a user account named user. Copy your public key to the server.
scp ~/.ssh/id_rsa.pub user@server.com:/tmp/id_rsa.pub
The next example commands use a port argument to show what is needed if your server has a custom SSH port, for example 2048. Put the argument with the port number right after the scp or ssh command: -p 2048 for ssh, and -P 2048 (capital P) for scp, where the lowercase -p means "preserve file times and modes" instead. If your server uses the default SSH port, delete that argument and the port number from the command.
scp -P 2048 ~/.ssh/id_rsa.pub user@server.com:/tmp/id_rsa.pub
Login to the Server
ssh -p 2048 user@server
Append Authorized Keys list file with a newly uploaded Key
cat /tmp/id_rsa.pub >> ~/.ssh/authorized_keys
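The plain append above assumes ~/.ssh already exists on the server with suitable permissions. The following is an added example, not part of the original tutorial: a hypothetical helper function, install_pubkey, that does the same append but creates ~/.ssh with mode 700 and authorized_keys with mode 600, refuses a file that contains a private key, and does not add the same key twice.

```shell
#!/bin/sh
# Added example: permission-safe, repeatable form of
#   cat /tmp/id_rsa.pub >> ~/.ssh/authorized_keys
# install_pubkey is a hypothetical helper name, not an OpenSSH tool.
install_pubkey() {
    keyfile=$1
    ssh_dir=${2:-$HOME/.ssh}   # optional 2nd argument: alternate dir, for a dry run
    auth=$ssh_dir/authorized_keys

    [ -r "$keyfile" ] || { echo "cannot read $keyfile" >&2; return 1; }

    # A private key must never be uploaded; refuse it outright.
    if grep -q 'PRIVATE KEY' "$keyfile"; then
        echo "refusing: $keyfile contains a private key" >&2
        return 2
    fi

    # Expect exactly one non-empty line: "<type> <base64> [comment]".
    [ "$(grep -c . "$keyfile")" -eq 1 ] || { echo "expected one key line" >&2; return 3; }
    key=$(grep . "$keyfile")
    case $key in
        ssh-rsa\ AAAA*|ssh-ed25519\ AAAA*|ecdsa-sha2-*\ AAAA*) ;;
        *) echo "not an OpenSSH public key line" >&2; return 3 ;;
    esac

    # With StrictModes (sshd default) a group- or world-writable ~/.ssh or
    # authorized_keys makes sshd ignore the file, so set the modes explicitly.
    mkdir -p "$ssh_dir" && chmod 700 "$ssh_dir" || return 4
    touch "$auth" && chmod 600 "$auth" || return 4

    # If the existing file lacks a final newline, add one so keys do not merge.
    if [ -s "$auth" ] && [ -n "$(tail -c1 "$auth")" ]; then
        echo >> "$auth"
    fi

    # Append only when this exact line is not already present.
    if grep -qxF -- "$key" "$auth"; then
        echo "key already authorized"
    else
        printf '%s\n' "$key" >> "$auth"
        echo "key added"
    fi
}
```

On the server, after defining the function, run install_pubkey /tmp/id_rsa.pub and then delete /tmp/id_rsa.pub.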
Test Authentication
Try to log in to the server with the same command. It should then ask you for the key decryption passphrase instead of the normal password (only if you entered one during the key generation process).
ssh -p 2048 user@server
Disable password Authentication (Optional)
Be very careful when disabling the password authentication method: you have to be sure you can connect successfully with your SSH key. Also, users who use password authentication on that server will not be able to log in anymore.
Edit the /etc/ssh/sshd_config file and make sure that the PasswordAuthentication parameter is set to no.
Restart SSH Server after changing parameter:
service ssh restart