Linux Commands

How to change SSH Password authentication to Key authentication on a Linux machine

Secure Shell is a protocol which allows you to access a remote computer securely. You can increase the security by changing the SSH Password Authentication to Key authentication. The procedure is explained below.

Create SSH key

The first step to configuring SSH key authentication is to generate an SSH key pair. So type the following command on your local machine to generate an SSH key pair.

[root@localhost ~]# ssh-keygen
Generating public/private rsa key pair.
Enter file in which to save the key (/root/.ssh/id_rsa):
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /root/.ssh/id_rsa.
Your public key has been saved in /root/.ssh/
The key fingerprint is:
47:84:27:f2:b2:2b:82:5e:f1:08:ce:cc:1a:72:ad:09 root@localhost
The key's randomart image is:
+--[ RSA 2048]----+
| ..              |
| . o..           |
| o o.            |
| . ..            |
| . . oS .        |
|= ..+ . .        |
|E*.o.. .         |
|++oo. .          |
|o.o. .           |

You can give any name for key files during the key creation. By default this command will create two files in ~/.ssh folder, id_rsa and id_rsa is your private key and is your public key. Now you have to change the permission of the private key file to 600

[root@localhost ~]# chmod 600 ~/.ssh/id_rsa

Then you have to copy the public key

[root@localhost ~]# cat ~/.ssh/
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCZiCpKTeimka12e826b5D2yDer4316ZRKaiS1agKybFfG/
drjmwyVny/2YXrr9duIkIdEEn/I1Xtk+KGggh root@localhost

Add the public key on your remote machine

Paste the public key in the remote machines ~/.ssh/authorized_keys file. Here we are adding the key for root user. So login to the remote server as root user.

[root@localhost ~]# ssh root@
root@'s password:
[root@remote-machine ~]# echo "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCZiCpKTeimka12e
vH93ieJgeZQJNH2fRJVy1HVx7TfooKedrjmwyVny/2YXrr9duIkIdEEn/I1Xtk+KGggh root@localhost"
>> ~/.ssh/authorized_keys

If the file ~/.ssh/authorized_keys does not exist, you have to create it. And change the permission of ~/.ssh folder to 700 and ~/.ssh/authorized_keys file to 600.

Configure the SSH on remote machine for key authentication

Now you have to configure the SSH for key authentication. So make changes on ssh configuration file as follow

[root@remote-server ~]# vim /etc/ssh/sshd_config

PermitRootLogin yes
PubkeyAuthentication yes
AuthorizedKeysFile .ssh/authorized_keys
PasswordAuthentication no

Restart the SSH service

[root@remote-server ~]# service sshd restart

Now you can try the key authentication from your local machine.

[root@localhost ~]# ssh -i ~/.ssh/id_rsa root@

Here we have saved the ssh private key on ~/.ssh/id_rsa file. So we gave that location on the above command. You can save it anywhere, but you have to use the full path of that key in the ssh command.

If you like the post and wish to receive more articles from us, please like our FB page: If you like this post and wish to receive more articles from us, please like our FB page: Button

Your suggestions and feedbacks will encourage us and help to improve further, please feel free to write your comments.

For more details on our services, please drop us an E-mail at