Create and Install SSH keys on Linux for Improved Security


Are you thinking of improving the security of your server? In this guide we create and install SSH keys on Linux to make your server safer. SSH keys are a simple yet effective way of enhancing the security of your private server. Key-based login relies on a pair of keys, one public and one private, which prevents unwanted access and improves the overall security and utility of your server. SSH keys are nearly impenetrable. In the following sections, we take you through a step-by-step guide to setting up SSH key login authentication for your server.


Generate RSA Key Pair

First and foremost, you need to generate a key pair on your local machine (Server). You can generate the key pair using the following command.

ssh-keygen -t rsa

Save the Passphrase and Key

Once you enter the above command, you will be prompted with the following:

Enter file in which to save the key (/home/YourUserName/.ssh/id_rsa):

Press Enter and the key file will be saved to the home location under the name of the local user. You will then be prompted to enter the passphrase.

Enter passphrase (empty for no passphrase):

It is entirely at your discretion whether you set a passphrase or not. Having a passphrase has its benefits, but it still carries the same weaknesses as any other secret code. The passphrase should not be shared with anyone you don’t want to have access to the server. Note that if you set a passphrase, you will have to enter it every time you use the key pair.

The key generation process would look something like this:

 

ssh-keygen -t rsa
Generating public/private rsa key pair.
Enter file in which to save the key (/home/user/.ssh/id_rsa): 
Enter passphrase (empty for no passphrase): 
Enter same passphrase again: 
Your identification has been saved in /home/user/.ssh/id_rsa.
Your public key has been saved in /home/user/.ssh/id_rsa.pub.
The key fingerprint is:
5a:df:0b:d6:27:2e:3c:fd:26:48:8d:75:35:2d:92:27 user@a
The key's randomart image is:
+--[ RSA 2048]----+
|          .oo.   |
|         .  o.E  |
|        + .  o   |
|     . = = .     |
|      = S = .    |
|     o + = +     |
|      . o + o .  |
|           . o   |
|                 |
+-----------------+

 

Once you have gone through the entire process outlined above, you will have saved the public key (/home/YourUserName/.ssh/id_rsa.pub) and the private key (/home/YourUserName/.ssh/id_rsa).

Copying the Public Key

Now that we have generated the key pair it is time to install the public key in the virtual server. Any one of the commands below can be used to accomplish this:

ssh-copy-id YourUserName@Your_IP_Address
cat ~/.ssh/id_rsa.pub | ssh YourUserName@Your_IP_Address "mkdir -p ~/.ssh && cat >> ~/.ssh/authorized_keys"

After entering the command, you will be prompted with the following:

The authenticity of host '12.34.56.78 (12.34.56.78)' can't be established.
RSA key fingerprint is 5a:df:0b:d6:27:2e:3c:fd:26:48:8d:75:35:2d:92:27.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '1.222.546.78' (RSA) to the list of known hosts.
user@1.222.546.78's password: 
Now try logging into the machine, with "ssh 'user@1.222.546.78'", and check in:

  ~/.ssh/authorized_keys

to make sure we haven't added extra keys that you weren't expecting.

 

Finally, log in as your user. If everything has gone correctly, you won’t be prompted for a password, but you will be required to enter the passphrase if you have set one.
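The piped cat command above appends the key again on every run and leaves the permissions of ~/.ssh and authorized_keys to the umask. The following server-side helper handles both cases and refuses a private key file; it is an added example, not part of the original tutorial, and install_pubkey and its arguments are hypothetical names.

```shell
#!/bin/sh
# Added example, not from the original tutorial. install_pubkey and its
# arguments are hypothetical names. Run it on the server side.
#
# usage: install_pubkey PUBKEY_FILE TARGET_HOME
# The body is a subshell, so variables stay local and "exit" only
# leaves the function.
install_pubkey() (
    pubkey_file=$1
    ssh_dir=$2/.ssh
    auth=$ssh_dir/authorized_keys

    # First non-empty line of the file, split into key type and base64 blob.
    line=$(awk 'NF { print; exit }' "$pubkey_file") || exit 2
    [ -n "$line" ] || exit 2
    set -f                      # no filename expansion while splitting
    set -- $line
    ktype=$1 blob=$2

    # Accept only a public key line. A private key file begins with
    # "-----BEGIN" and must never be copied to the server.
    case $ktype in
        ssh-rsa|ssh-ed25519|ecdsa-sha2-*) ;;
        *) echo "refusing $pubkey_file: not a public key" >&2; exit 2 ;;
    esac
    [ -n "$blob" ] || exit 2

    # With StrictModes (the sshd default) keys are ignored when ~/.ssh or
    # authorized_keys is writable by other users, so make both owner-only.
    mkdir -p "$ssh_dir" && chmod 700 "$ssh_dir" || exit 1
    touch "$auth" && chmod 600 "$auth" || exit 1

    # Already authorized? Compare the blob against every field, because an
    # authorized_keys entry may carry options before the key type.
    if awk -v b="$blob" '{ for (i = 1; i <= NF; i++) if ($i == b) f = 1 }
                         END { exit !f }' "$auth"; then
        exit 0
    fi
    printf '%s\n' "$line" >>"$auth"
)
```

Called as install_pubkey /tmp/id_rsa.pub "$HOME" on the server, it can be rerun safely after the public key file has been copied over.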

Disable Password for Root User (Optional)

This is an optional step if you wish to amp up the security of your server further. In this step, you would be restricting the root login so it can only be accomplished using the SSH Keys.

Use the following command to access the config file:

sudo nano /etc/ssh/sshd_config

Once the file is open, find the line “PermitRootLogin” and change it so that root login is only possible through the SSH key.

PermitRootLogin without-password

Finally, reload SSH and you are done with our tutorial on how to Create and Install SSH keys on Linux.

reload ssh

 

Final Words

That’s the end of this tutorial. If you aren’t using SSH keys by now, we suggest you start doing so to prevent hackers from accessing your server. SSH keys are always better than nothing and I see no reason not to add them, as it only takes a few minutes. Oh, and don’t forget to keep the key safe and try not to lose it, as that means you will be locked out of your server.

If you are running Ubuntu 16.04, we have another tutorial with some initial security tips: Initial Configuration of Ubuntu 16.04. If you have any questions about how to Create and Install SSH keys on Linux, please let us know in the comments below!

 

 
