1. Set up SSH keys.
1.1. Check for existing SSH keys on your local machine.
Open a terminal and run the following:
$ cd ~/.ssh
Check to see if you have a key already:
If the local machine already has a pair of keys, you will see the message:
/home/username/.ssh/id_rsa already exists. Overwrite (y/n)?
If you overwrite the existing keys, you can no longer use them for authentication.
1.2. Back up old SSH keys.
- Do this in a terminal on your local machine by running:
$ mkdir key_backup
$ cp id_rsa* key_backup
1.3. Generate new keys.
- On the local machine, generate an RSA key pair. The default is 2048 bits; the command below requests 4096.
$ ssh-keygen -t rsa -b 4096 -f ~/file-name-rsa -C "firstname.lastname@example.org"
You will see the prompt:
> Enter file in which to save the key (/your_home/.ssh/id_rsa):
Press Enter to save the key pair to the .ssh/ subdirectory of your home directory, or specify an alternative path. After that you will see:
> Enter passphrase (empty for no passphrase):
You will see output like this:
> Your identification has been saved in /home/username/.ssh/id_rsa.
> Your public key has been saved in /home/username/.ssh/id_rsa.pub.
> The key fingerprint is:…
1.4. Copy public key to remote server.
1.4.1. Copy key using
- The command uses the following syntax:
$ ssh-copy-id username@remote_host
$ ssh-copy-id -i ~/file-name-rsa username@remote_host
For this to work, password-based SSH authentication must already be configured on the remote host. Read more about
> The authenticity of host '188.8.131.52 (184.108.40.206)' can't be established.
> ECDSA key fingerprint is fd:fd:d4:f9:77:fe:73:84:e1:55:00:ad:d6:6d:22:fe.
> Are you sure you want to continue connecting (yes/no)? yes
This happens the first time you connect to a new host. Type yes and press Enter to continue.
- Enter the password (your entry will not be displayed for security reasons) and press Enter.
ssh-copy-id will connect to the account on the remote host using the provided password. It then copies the contents of the ~/.ssh/id_rsa.pub key to the authorized_keys file in the ~/.ssh directory of the remote account.
To view the installed key on the remote host:
$ nano ~/.ssh/authorized_keys
1.4.2. Copy key using ssh.
- Use the command:
$ cat ~/.ssh/id_rsa.pub | ssh username@remote_host "mkdir -p ~/.ssh && cat >> ~/.ssh/authorized_keys"
1.4.3. Manually copying the public key (if you do not have password access).
Read your id_rsa.pub on the local machine:
$ cat ~/.ssh/id_rsa.pub
Connect to a remote host using any available method.
On the remote host, create the ~/.ssh directory:
$ mkdir -p ~/.ssh
Then you need to create the authorized_keys file and place the key from id_rsa.pub into it:
$ echo key_from_id_rsa.pub >> ~/.ssh/authorized_keys
1.5. Disable password authentication.
Before performing this section, make sure that the root account or the user with sudo access on the remote server is configured with SSH key-based authentication.
$ sudo nano /etc/ssh/sshd_config
Set the following directive and save the file:
> PasswordAuthentication no
Restart the SSH service on Ubuntu/Debian:
$ sudo systemctl restart ssh
or on CentOS/Fedora:
$ sudo service sshd restart
1.5. Connect to the server.
$ ssh username@remote_host
$ ssh -i ~/file-name-rsa username@remote_host
1.6. Edit sshd_config file.
$ sudo nano /etc/ssh/sshd_config
> PasswordAuthentication no
> PubkeyAuthentication yes
> PermitRootLogin no
$ sudo service sshd restart
1.7. Permissions And Ownership.
~/.ssh permissions should be 700
$ sudo chmod 700 ~/.ssh
~/.ssh should be owned by your account
$ sudo chown username ~/.ssh
~/.ssh/authorized_keys permissions should be 600
$ sudo chmod 600 ~/.ssh/authorized_keys
~/.ssh/authorized_keys should be owned by your account
$ sudo chown username ~/.ssh/authorized_keys
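An added example, not part of the original page: a POSIX shell check for the sshd_config directives from 1.5/1.6 and the permissions from 1.7. sshd uses the first value it reads for each keyword, so a "PasswordAuthentication no" added below an earlier "yes" has no effect. The function names and sample files are constructed for illustration, and only the global section of a single config file is read.

```shell
# Added example (not from the original page): audit 1.5/1.6 directives and 1.7 permissions.
# effective_value FILE KEYWORD: sshd keeps the FIRST value it reads for a keyword
# (keywords are case-insensitive). Assumption: one file, global section only;
# included files and Match blocks are not followed (sshd -T shows the real result).
effective_value() {
    awk -v key="$2" '
        /^[ \t]*#/ || NF == 0 { next }       # skip comments and blank lines
        tolower($1) == "match" { exit }      # the global section ends here
        tolower($1) == tolower(key) { print tolower($2); exit }
    ' "$1"
}

# Fail unless each directive is set explicitly to the value used on this page.
audit_sshd_config() {
    rc=0
    for want in PasswordAuthentication=no PubkeyAuthentication=yes PermitRootLogin=no; do
        got=$(effective_value "$1" "${want%%=*}")
        if [ "$got" != "${want#*=}" ]; then
            echo "FAIL ${want%%=*}: effective '${got:-unset}', expected '${want#*=}'"
            rc=1
        fi
    done
    return "$rc"
}

# check_path PATH MODESTRING: mode as printed by ls -l, owner must be the current uid.
check_path() {
    info=$(ls -ldn "$1" 2>/dev/null) || return 1
    mode=$(printf '%s\n' "$info" | cut -c1-10)
    owner=$(printf '%s\n' "$info" | awk '{ print $3 }')
    [ "$mode" = "$2" ] && [ "$owner" = "$(id -u)" ]
}

# Constructed sample: the trailing "no" does not override the earlier "yes".
make_sample() {
    d=$(mktemp -d) || return 1
    printf '%s\n' 'passwordauthentication yes' 'PubkeyAuthentication yes' \
        'PermitRootLogin no' 'PasswordAuthentication no' > "$d/sshd_config"
    mkdir "$d/.ssh" && : > "$d/.ssh/authorized_keys"
    chmod 700 "$d/.ssh" && chmod 644 "$d/.ssh/authorized_keys"
    echo "$d"
}

d=$(make_sample)
audit_sshd_config "$d/sshd_config" || echo "sshd_config needs fixing"
check_path "$d/.ssh" 'drwx------' && echo "OK: .ssh is 700"
check_path "$d/.ssh/authorized_keys" '-rw-------' || echo "FAIL: authorized_keys is not 600"
rm -rf "$d"
```

On a real host, run sudo sshd -t to validate the file before restarting the service, and keep an existing session open until a new key-based login succeeds.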