Linux Commands

How to change SSH Password authentication to Key authentication on a Linux machine

Secure Shell (SSH) is a protocol that allows you to access a remote computer securely. You can increase security by switching SSH from password authentication to key authentication. The procedure is explained below.

Create SSH key

The first step in configuring SSH key authentication is to generate an SSH key pair. Type the following command on your local machine to generate one.

 
[root@localhost ~]# ssh-keygen
Generating public/private rsa key pair.
Enter file in which to save the key (/root/.ssh/id_rsa):
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /root/.ssh/id_rsa.
Your public key has been saved in /root/.ssh/id_rsa.pub.
The key fingerprint is:
47:84:27:f2:b2:2b:82:5e:f1:08:ce:cc:1a:72:ad:09 root@localhost
The key's randomart image is:
+--[ RSA 2048]----+
| ..              |
| . o..           |
| o o.            |
| . ..            |
| . . oS .        |
|= ..+ . .        |
|E*.o.. .         |
|++oo. .          |
|o.o. .           |
+-----------------+

You can give the key files any name during key creation. By default, this command creates two files in the ~/.ssh folder: id_rsa and id_rsa.pub. id_rsa is your private key and id_rsa.pub is your public key. Now change the permission of the private key file to 600:

 
[root@localhost ~]# chmod 600 ~/.ssh/id_rsa

Then copy the public key:

 
[root@localhost ~]# cat ~/.ssh/id_rsa.pub
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCZiCpKTeimka12e826b5D2yDer4316ZRKaiS1agKybFfG/
HJBjbIXop1jcwwiz8nLkS88T40+G0jIhEYIV3zejAav6lWEaZS7hHNjkeSevmpsx1yi62tGcFcwv7p4WLOUj
5AN9ewHrJvyRmwSLZldv3DNr4vN3dJb1mLE3iZ0St/RC7FJtck2styorDRNIuuL1mp+py1MBrWpXVpQL3UxG
NVeaKBnyyA/fXs6AHQTnLFSkW8mRAUTOIVuaouEnB5AbgwW5QpwNWvH93ieJgeZQJNH2fRJVy1HVx7TfooKe
drjmwyVny/2YXrr9duIkIdEEn/I1Xtk+KGggh root@localhost

Add the public key on your remote machine

Paste the public key into the remote machine's ~/.ssh/authorized_keys file. Here we are adding the key for the root user, so log in to the remote server as root.

 
[root@localhost ~]# ssh root@1.2.3.4
root@1.2.3.4's password:
[root@remote-machine ~]# echo "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCZiCpKTeimka12e826b5D2yDer4316ZRKaiS1agKybFfG/HJBjbIXop1jcwwiz8nLkS88T40+G0jIhEYIV3zejAav6lWEaZS7hHNjkeSevmpsx1yi62tGcFcwv7p4WLOUj5AN9ewHrJvyRmwSLZldv3DNr4vN3dJb1mLE3iZ0St/RC7FJtck2styorDRNIuuL1mp+py1MBrWpXVpQL3UxGNVeaKBnyyA/fXs6AHQTnLFSkW8mRAUTOIVuaouEnB5AbgwW5QpwNWvH93ieJgeZQJNH2fRJVy1HVx7TfooKedrjmwyVny/2YXrr9duIkIdEEn/I1Xtk+KGggh root@localhost" >> ~/.ssh/authorized_keys

If the file ~/.ssh/authorized_keys does not exist, you have to create it. Also change the permission of the ~/.ssh folder to 700 and of the ~/.ssh/authorized_keys file to 600.

Configure the SSH on remote machine for key authentication

Now configure SSH for key authentication. Make the following changes in the SSH configuration file:

 
[root@remote-server ~]# vim /etc/ssh/sshd_config

PermitRootLogin yes
PubkeyAuthentication yes
AuthorizedKeysFile .ssh/authorized_keys
PasswordAuthentication no

Restart the SSH service

 
[root@remote-server ~]# service sshd restart

Now you can try the key authentication from your local machine.

 
[root@localhost ~]# ssh -i ~/.ssh/id_rsa root@1.2.3.4

Here we have saved the SSH private key in the ~/.ssh/id_rsa file, so we gave that location in the above command. You can save it anywhere, but you have to use the full path of that key in the ssh command.
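A check worth running before the restart step, given here as an added example that is not part of the original article: sshd keeps the first value it reads for each keyword, so a PasswordAuthentication no line added below an existing PasswordAuthentication yes has no effect. The function names and the sample config are constructed for illustration, and the parser does not follow Include files; on a real host, `sshd -t` and `sshd -T` give the authoritative answer.

```shell
#!/bin/sh
# Added example: audit the settings from this article before restarting sshd.
# Function names are hypothetical; the sample config below is constructed.

# Print the global value sshd would use for keyword $2 in config file $1.
# sshd keeps the FIRST value it reads for a keyword, keywords are
# case-insensitive, and lines after a "Match" line only apply conditionally.
sshd_global_value() {
    awk -v want="$2" '
        BEGIN { want = tolower(want) }
        { sub(/^[ \t]+/, "") }                            # drop indentation
        $0 == "" || /^#/ { next }                         # blank or comment
        /^[A-Za-z]+[ \t]*=/ { sub(/[ \t]*=[ \t]*/, " ") } # Keyword=value form
        tolower($1) == "match" { exit }
        tolower($1) == want { print $2; exit }
    ' "$1"
}

# Return 0 only if password logins are off and key logins are on.
# Unset keywords fall back to sshd's defaults (both "yes").
audit_key_only_login() {
    pw=$(sshd_global_value "$1" PasswordAuthentication)
    pk=$(sshd_global_value "$1" PubkeyAuthentication)
    rc=0
    [ "${pw:-yes}" = "no" ]  || { echo "FAIL: PasswordAuthentication=${pw:-yes}"; rc=1; }
    [ "${pk:-yes}" = "yes" ] || { echo "FAIL: PubkeyAuthentication=$pk"; rc=1; }
    return $rc
}

# True if path $1 shows exactly the ls -l mode string $2,
# e.g. drwx------ (700) for ~/.ssh and -rw------- (600) for authorized_keys.
has_mode() {
    [ "$(ls -ld "$1" | cut -c1-10)" = "$2" ]
}

# Constructed sample: the article's lines appended below a stock "yes".
sample=$(mktemp)
printf '%s\n' '#PubkeyAuthentication yes' 'PasswordAuthentication yes' \
    'PermitRootLogin yes' 'PubkeyAuthentication yes' \
    'AuthorizedKeysFile .ssh/authorized_keys' 'PasswordAuthentication no' > "$sample"
audit_key_only_login "$sample" || echo "password login is still enabled"
rm -f "$sample"
```

Keep the existing root session open while testing the key login from a second terminal, so a mistake in the configuration does not lock you out.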
