2. Setting up key-based authentication
Key-based authentication is where the client machine authenticates with the host using a long string of alphanumeric characters. The private key acts like the password and stays on the client, while the public key is stored on the server. The server checks that the two match before authenticating. This is a much more secure way of logging in to your server via ssh.
Steps to set up key-based authentication:
To Generate a key pair:
ssh-keygen -t rsa -b 4096 -m PEM
Breakdown of Command:
ssh-keygen is used for generating ssh key pairs.
-t declares the type of ssh key you want to generate. There are other types, such as ed25519.
-b indicates the number of bits in the key pair. The higher the number of bits, the longer it will take for a hacker or anyone else to work out the private key. This is why it is not recommended to use anything below 4096 bits. You should also be aware that a higher number of bits means it will take longer for you to log in every time.
-m indicates the file format the key needs to be saved in.
It will then prompt you for a passphrase. You can think of this as a second factor of authentication. You can leave this blank if you wish.
This will place the id_rsa private key file and the id_rsa.pub public key file in the .ssh directory under your user's home directory.
Copying Public Key to host machine from client machine:
ssh-copy-id username@192.197.255.3
You will next be prompted to enter the password of that username. Enter it and you're done. Try logging in to the server via ssh, and you should be right in, or you will be prompted for the passphrase if you set one.
KEEP THE PRIVATE KEY FILE SAFE. AVOID DISTRIBUTING IT ONLINE VIA EMAIL OR ANYTHING. IF SOMEONE ELSE GETS IT, THEY WILL HAVE FULL ACCESS TO YOUR SERVER.
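To check the result of the steps above, the following added example (not part of the original guide) audits a generated key pair: it verifies that the .ssh directory and the private key are accessible only by their owner, that the key meets the 4096-bit RSA minimum recommended above, and warns if no passphrase was set. It assumes GNU stat (Linux); the function names are hypothetical.

```bash
#!/usr/bin/env bash
# Added example: audit a key pair created with ssh-keygen.
# Assumption: GNU stat (Linux). Function names are illustrative only.

MIN_RSA_BITS=4096   # minimum RSA size recommended in this guide

# Succeeds only if the path has no group/other permission bits set.
private_to_owner() {
    local mode
    mode=$(stat -c '%a' "$1") || return 2
    [ $(( 0$mode & 077 )) -eq 0 ]
}

# Takes one line of `ssh-keygen -l -f key.pub` output, which has the form
#   <bits> <fingerprint> <comment> (<TYPE>)
# and succeeds if the key type and size are acceptable.
fingerprint_line_ok() {
    local bits type
    bits=${1%% *}
    type=${1##*\(}; type=${type%\)}
    case "$type" in
        RSA)     [ "$bits" -ge "$MIN_RSA_BITS" ] ;;
        ED25519) return 0 ;;   # fixed-size key type, -b does not apply
        *)       return 1 ;;
    esac
}

# Full audit of a private key file and its .pub companion.
audit_key() {
    local key=$1 dir rc=0
    dir=$(dirname "$key")
    private_to_owner "$dir" || { echo "FAIL: $dir is open to group/other"; rc=1; }
    private_to_owner "$key" || { echo "FAIL: $key is open to group/other"; rc=1; }
    if command -v ssh-keygen >/dev/null 2>&1; then
        fingerprint_line_ok "$(ssh-keygen -l -f "$key.pub")" ||
            { echo "FAIL: key type or size is below the minimum"; rc=1; }
        # If an empty passphrase can read the key, the key is unprotected.
        if ssh-keygen -y -P '' -f "$key" >/dev/null 2>&1; then
            echo "WARN: $key has no passphrase"
        fi
    fi
    return $rc
}

# Run the audit when a key path is given as the first argument.
if [ -n "${1:-}" ]; then
    audit_key "$1"
fi
```

Save it to a file and run it with the path to the private key as its argument, for example ~/.ssh/id_rsa.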