You’ve used password authentication to connect to your server via SSH, but there’s a more secure method available: key pair authentication. In this section, you’ll generate a public and private key pair using your desktop computer and then upload the public key to your server. SSH connections will be authenticated by matching the public key with the private key stored on your desktop computer - you won’t need to type your account password. When combined with the steps outlined later in this guide that disable password authentication entirely, key pair authentication can protect against brute-force password cracking attacks.
Here’s how to use SSH key pair authentication to connect to your server:
Generate the SSH keys on a desktop computer running Linux or Mac OS X by entering the following command in a terminal window on your desktop computer.
ssh-keygen
The SSH keygen utility appears. Follow the on-screen instructions to create the SSH keys on your desktop computer. To use key pair authentication without a passphrase, press Enter when prompted for a passphrase.
Two files will be created in your ~/.ssh directory: id_rsa and id_rsa.pub. The public key is id_rsa.pub - this file will be uploaded to your server. The other file is your private key. Do not share this file with anyone!
Upload the public key to your server with the secure copy command (scp) by entering the following command in a terminal window on your desktop computer. Replace example_user with your username, and 122.222.22.22 with your server’s IP address. If you have a Windows desktop, you can use a third-party client like WinSCP to upload the file to your home directory.
scp ~/.ssh/id_rsa.pub example_user@122.222.22.22:
Create a directory for the public key in your home directory (/home/yourusername) by entering the following command on your server:
mkdir .ssh
Move the public key into the directory you just created by entering the following command on your server:
mv id_rsa.pub .ssh/authorized_keys
Modify the permissions on the public key by entering the following commands, one by one, on your server. Replace example_user with your username.
chown -R example_user:example_user .ssh
chmod 700 .ssh
chmod 600 .ssh/authorized_keys
The SSH keys have been generated, and the public key has been installed on your server. You’re ready to use SSH key pair authentication! To try it, log out of your terminal session and then log back in. The new session will be authenticated with the SSH keys and you won’t have to enter your account password. (You’ll still need to enter the passphrase for the key, if you specified one.)
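The server-side steps above as one repeatable script (an added example, not part of the original guide). It appends the key instead of replacing authorized_keys, so keys already installed are kept, and it checks the resulting permissions; the function names and the sample key are constructed for illustration.

```shell
#!/bin/sh
# Added example: repeatable version of the server-side steps (mkdir, install key, chmod).

# Print a file's octal mode (GNU stat first, BSD stat as fallback).
file_mode() {
    stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1"
}

# install_pubkey PUBKEY_FILE [HOME_DIR]
# Appends the key to authorized_keys only if that exact line is not already there,
# so existing keys are kept, then applies the 700/600 permissions from the guide.
install_pubkey() {
    pubkey_file=$1
    home_dir=${2:-$HOME}
    ssh_dir="$home_dir/.ssh"
    auth_file="$ssh_dir/authorized_keys"

    [ -s "$pubkey_file" ] || { echo "no public key at $pubkey_file" >&2; return 1; }
    # Refuse a private key uploaded by mistake; it must never leave the desktop.
    if grep -q 'PRIVATE KEY' "$pubkey_file"; then
        echo "$pubkey_file looks like a private key; refusing" >&2
        return 1
    fi

    mkdir -p "$ssh_dir" || return 1
    touch "$auth_file" || return 1
    grep -qxF -- "$(cat "$pubkey_file")" "$auth_file" || cat "$pubkey_file" >> "$auth_file"
    chmod 700 "$ssh_dir" && chmod 600 "$auth_file"
}

# check_ssh_perms [HOME_DIR]: succeeds only if the modes match the guide's values.
check_ssh_perms() {
    home_dir=${1:-$HOME}
    [ "$(file_mode "$home_dir/.ssh")" = "700" ] || return 1
    [ "$(file_mode "$home_dir/.ssh/authorized_keys")" = "600" ] || return 1
}

# Demo on a throwaway directory with a constructed key line (not a real key).
demo_home=$(mktemp -d)
printf '%s\n' 'ssh-rsa AAAA_CONSTRUCTED_SAMPLE_KEY example_user@desktop' > "$demo_home/id_rsa.pub"
install_pubkey "$demo_home/id_rsa.pub" "$demo_home" && check_ssh_perms "$demo_home" && echo "key installed, permissions OK"
rm -rf "$demo_home"
```

On the server, run install_pubkey id_rsa.pub as the account that will log in, so the files are owned by that user.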