Linux

How to perform SSH key-based authentication in Linux

SSH stands for Secure Shell and it is used to securely communicate between two host machines over an insecure network. It can be used for file transfer, accessing a remote machine application tunneling. Basically, SSH is the Linux equivalent for Windows Remote Desktop Protocol.

For SSH to work, you need to have Openssh installed on both the host machine as well as the remote machine. Openssh is normally installed by default on most Linux machines and if it is not on your machine, the package is included in your local repository. If that too, isn’t the case, just download the rpm file and have it installed on both systems.

PLEASE NOTE: As a rule of thumb, do not generate your ssh key as the root user because if you do as the root user, only the root user would be able to use that key.

Off we go…
Here are my system credentials:
– The remote machine (note the i.p address and the user name)

The host machine (note the i.p address and the user name)

On the remote machine, I have created a file called testfile for the purpose of this demonstration

  1. GENERATE KEY PAIR IN THE HOST MACHINE
    On the host machines’ terminal, type ssh-keygen and hit the Enter button. The outcome of this command will look the image below:

By default, the ssh key is stored in ~/.ssh directory and it is saved in a file called id_rsa. If you wish to change the file name, enter the name you want at the prompt and hit the Enter. Now, it will prompt you for a passphrase/password. If you do not want to put a password, just ignore the prompt and hit the Enter button.

And as easy as that, you have successfully generated and stored your ssh key.

2. COPY THE KEY TO THE REMOTE MACHINE
Now copy the ssh key i.d to the remote machine with the command:

ssh-copy-id remote-username@remote-i.p-address

For the first time you try to connect to the remote machine, it will ask if you are sure you want to proceed; type yes at the prompt.

If you have done everything well, you should get a confirmation message like the image below.

3. LOG INTO REMOTE MACHINE
At the terminal of the host machine, use the following command to log in remotely:

ssh remote-username@i.p-address

After you hit the Enter button, it should bring an authentication page as shown below

Simply input the password/passphrase you used in creating the ssh key and you will have logged in successfully into the remote machine.

Well, the next two images show the testfile I created for this demonstration and its content.

When you are done on the remote machine, just type exit at the terminal and you will be logged out of the remote machine and into your host machine.

SSHD CONFIGURATION FILE

By default, the ssh server listens on port 22. In this section, I will show you how to change that. The configuration file for the SSH Daemon is found in /etc/ssh/sshd_config and a cat command should reveal something like the image below:

Now, this is a very long file and this is just a small portion of it.

Open this configuration file with your text editor and look for the line #Port 22. Below that line, add Port number you want the ssh service to listen on.

Now restart the sshd server with the systemctl command

However, if you have selinux and firewall set up and running, you will get permission denied error when you try to run any of the ssh services. I don’t have them configured but I will help you with the command:

  1. To change the selinux label :
semanage port -a -t ssh_port_t -p tcp portnumber

for my demonstration, it will be :

semanage port –a –t ssh_port_t tcp 60122
  • To open the firewall to the new port

firewall-cmd –add-port=60122/tcp        [hit Enter]

firewall-cmd –add-port=60122/tcp –permanent   [hit Enter] 

CONCLUSION
On a parting note; from the configuration file, you can make other changes such as:

  1. Allow access to root user account
  2. Add other users access to the ssh key
  3. Add listening address e.t.c

I hope you have found this tutorial helpful and easy to understand.

Subscribe
Notify of
guest
0 Comments
Inline Feedbacks
View all comments
0
Would love your thoughts, please comment.x
()
x