
2. Setting up key-based authentication

Key-based authentication is where the client machine authenticates to the host using a key pair, each key being a long string of characters. The private key plays the role of the password and stays on the client; the public key is stored on the server. The server checks that the client holds the private key matching the stored public key before authenticating. This is a much more secure way of logging in to your server via ssh.

Steps to set up key-based authentication:

To Generate a key pair:

ssh-keygen -t rsa -b 4096 -m PEM

Breakdown of Command:

  • ssh-keygen is used for generating ssh key pairs
  • the -t option declares the type of ssh key you want to generate (the type name is written in lower case, e.g. rsa). There are other types such as ed25519
  • -b indicates the number of bits in the key pair. The higher the number of bits, the longer it will take for a hacker or anyone else to work out the private key. This is why it is not recommended to use anything below 4096 bits. You should also be aware that a higher number of bits means it will take longer for you to log in every time
  • -m indicates the file format the key needs to be saved in (here PEM)

It will then prompt you to enter a new passphrase. You can think of this as a second factor of authentication. You can leave it blank if you wish by pressing Enter.

This writes the private key file id_rsa and the public key file id_rsa.pub to the .ssh directory in your home directory (~/.ssh).

Copying the public key from the client machine to the host machine:

ssh-copy-id username@192.197.255.3

You will next be prompted to enter the password of that username. Enter it and you're done. Try logging in to the server via ssh: you should be let straight in, or be prompted for the passphrase if you set one.
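Before copying a public key, or when reviewing what ssh-copy-id appended to ~/.ssh/authorized_keys on the server, it is worth checking the line itself: that the declared key type matches the type embedded in the base64 blob, that an RSA modulus meets the 4096-bit minimum stated above, and what its SHA256 fingerprint is. The following is an added example, not code from the original page; it parses the OpenSSH public-key wire format with the standard library only, and the sample key it builds is a constructed placeholder (a made-up modulus), not a real key.

```python
import base64
import hashlib
import struct

MIN_RSA_BITS = 4096  # the minimum the text above recommends for RSA keys

def _read_string(blob, off):
    """Read one SSH wire-format 'string' (uint32 big-endian length + bytes)."""
    (n,) = struct.unpack(">I", blob[off:off + 4])
    return blob[off + 4:off + 4 + n], off + 4 + n

def _write_string(b):
    return struct.pack(">I", len(b)) + b

def _write_mpint(x):
    # mpint: big-endian bytes with one extra leading byte so the sign bit stays clear
    return _write_string(x.to_bytes(x.bit_length() // 8 + 1, "big"))

def encode_rsa_public_key(e, n, comment="user@client"):
    """Build an id_rsa.pub style line from RSA public components (used only for constructed samples)."""
    blob = _write_string(b"ssh-rsa") + _write_mpint(e) + _write_mpint(n)
    return "ssh-rsa " + base64.b64encode(blob).decode() + " " + comment

def fingerprint(blob):
    """SHA256 fingerprint in the form `ssh-keygen -lf` prints: base64 without '=' padding."""
    return "SHA256:" + base64.b64encode(hashlib.sha256(blob).digest()).decode().rstrip("=")

def inspect_public_key(line):
    """Describe a public-key line; raise ValueError if the declared type and the blob disagree."""
    parts = line.split()
    if len(parts) < 2:
        raise ValueError("expected '<type> <base64> [comment]'")
    declared, blob = parts[0], base64.b64decode(parts[1])
    embedded, off = _read_string(blob, 0)
    if embedded.decode() != declared:
        raise ValueError(f"declared type {declared} but blob says {embedded.decode()}")
    info = {"type": declared, "fingerprint": fingerprint(blob), "comment": " ".join(parts[2:])}
    if declared == "ssh-rsa":
        _e, off = _read_string(blob, off)   # public exponent (not needed for the size policy)
        n, _ = _read_string(blob, off)      # modulus
        info["bits"] = int.from_bytes(n, "big").bit_length()
        info["meets_policy"] = info["bits"] >= MIN_RSA_BITS
    return info

if __name__ == "__main__":
    # Constructed sample: e=65537 with a made-up 4096-bit modulus, NOT a real key.
    sample = encode_rsa_public_key(65537, (1 << 4095) | 12345, "alice@laptop")
    print(inspect_public_key(sample))
```

Running `ssh-keygen -lf ~/.ssh/id_rsa.pub` on the client prints the same fingerprint, so the two can be compared against the entry on the server.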

KEEP THE PRIVATE KEY FILE SAFE. AVOID DISTRIBUTING IT ONLINE VIA EMAIL OR ANYTHING ELSE. IF SOMEONE ELSE GETS IT, THEY WILL HAVE FULL ACCESS TO YOUR SERVER.