How to perform SSH key-based authentication in Linux

Posted on Christian By Christian No Comments on How to perform SSH key-based authentication in Linux
SSH key pair

SSH stands for Secure Shell and it is used to securely communicate between two host machines over an insecure network. It can be used for file transfer, accessing a remote machine application tunneling. Basically, SSH is the Linux equivalent for Windows Remote Desktop Protocol.

For SSH to work, you need to have Openssh installed on both the host machine as well as the remote machine. Openssh is normally installed by default on most Linux machines and if it is not on your machine, the package is included in your local repository. If that too, isn’t the case, just download the rpm file and have it installed on both systems.

PLEASE NOTE: As a rule of thumb, do not generate your ssh key as the root user because if you do as the root user, only the root user would be able to use that key.

Off we go…


Here are my system credentials:
– The remote machine (note the i.p address and the user name)

Linux authentication

The host machine (note the i.p address and the user name)

Public key authentication

On the remote machine, I have created a file called testfile for the purpose of this demonstration

Secure Shell access

GENERATE KEY PAIR IN THE HOST MACHINE


On the host machines’ terminal, type ssh-keygen and hit the Enter button. The outcome of this command will look the image below:

SSH key pair

By default, the ssh key is stored in the ~/.ssh directory and it is saved in a file called id_rsa. If you wish to change the file name, enter the name you want at the prompt and hit the Enter. Now, to perform SSH key-based authentication in Linux, it will prompt you for a passphrase/password. If you do not want to put a password, just ignore the prompt and hit the Enter button.

And as easy as that, you have successfully generated and stored your ssh key.

2. COPY THE KEY TO THE REMOTE MACHINE
Now copy the ssh key i.d to the remote machine with the command:

ssh-copy-id remote-username@remote-i.p-address
Linux authentication

For the first time you try to connect to the remote machine, it will ask if you are sure you want to proceed; type yes at the prompt.

If you have done everything well, you should get a confirmation message like the image below.

Secure Shell access

3. LOG INTO REMOTE MACHINE


At the terminal of the host machine, use the following command to log in remotely:

ssh remote-username@i.p-address

After you hit the Enter button, it should bring an authentication page as shown below

Linux authentication

Simply input the password/passphrase you used in creating the ssh key and you will have logged in successfully into the remote machine.

Well, the next two images show the testfile I created for this demonstration and its content.

Public key authentication
Secure Shell access

When you are done on the remote machine, just type exit at the terminal and you will be logged out of the remote machine and into your host machine.

SSHD CONFIGURATION FILE

Furthermore, the SSH server listens on port 22. In this section, I will show you how to change that to perform SSH key-based authentication in Linux. The configuration file for the SSH Daemon is found in /etc/ssh/sshd_config, and a cat command should reveal something like the image below:

Now, this is a very long file and this is just a small portion of it.

Open this configuration file with your text editor and look for the line #Port 22. Below that line, add the Port number you want for the SSH service to listen on to perform SSH key-based authentication in Linux.

In addition, Now restart the sshd server with the systemctl command

However, if you have SELinux and firewall set up and running, you will get a permission denied error when you try to run any of the SSH services. Moreover, I don’t have them configured, but I will help you with the command to perform SSH key-based authentication in Linux.

  1. To change the selinux label :
semanage port -a -t ssh_port_t -p tcp portnumber

for my demonstration, it will be : 

semanage port –a –t ssh_port_t tcp 60122
  • To open the firewall to the new port

firewall-cmd –add-port=60122/tcp        [hit Enter]

firewall-cmd –add-port=60122/tcp –permanent   [hit Enter] 

CONCLUSION
On a parting note; from the configuration file, you can make other changes such as:

  1. However, Allow access to root user account
  2. Add other users access to the ssh key
  3. Add listening address e.t.c

I hope you have found this tutorial on how to perform SSH key-based authentication in Linux helpful and easy to understand.

Rate this post
Linux Tags:

Related Posts

More Related Articles

zoom feature How to install Zoom video conference software on Linux System Linux
Slide2 1 SU Authentication Fix: Sudo Permission Denied in Ubuntu Linux
mailx [MAILX ERROR: STATUS=BOUNCED] Fixing Mailx error when sending emails from Command line Linux
SUID GUID Sticky Bit 1 Set Special File Permissions with SUID or GUID and Sticky Bit Linux
Slide4 How to install Let’s Encrypt on Apache Web Server Linux
squid proxy feature How to Set Up and Configure a Squid Proxy Server Linux

Leave a Reply