How to configure ssh key-based authentication on Ubuntu 16.04

Many of us still use plain password authentication to log in to a remote Linux server, with a user name and password combination. In some cases, this is not enough to protect the system from brute-force login attacks. Fortunately, there is another way to secure remote logins: an ssh key pair, made up of a private key and a public key, shared between the local machine and the remote server. I am not going to talk much about key pairs, you can read it here.

Let's get started. In this tutorial I am going to show you how to log in to a remote Linux server using ssh key pairs.

Step 1. Create SSH Keys

Output:
The command above will create new keys and ask where to save them. You can leave them in the default location, ~/.ssh/. The private key will be called id_rsa and the public key will be id_rsa.pub.

You will be asked to enter a passphrase, or you can leave it blank. In this example, I leave it blank because I want to be able to connect to the remote server without having to type a password. With no passphrase, the private key is stored unencrypted, so anyone who can read the id_rsa file can use it to log in.

Now we can check the generated keys under the .ssh directory.

As you can see, there are id_rsa and id_rsa.pub inside the .ssh directory. At this point we have a private key (id_rsa) and a public key (id_rsa.pub).

Step 2. Copy public key to remote server

Now we can copy our public key to a remote server. In this case I will copy my public key to a CentOS server at 10.34.0.247.

The syntax is

Example

OK, now try to connect to the remote computer using the key pair instead of a password.

At this point we have configured ssh key-based authentication, and I can now log in to my remote server without a password. BUT I can still log in the usual way, with a user and password combination. This is not what I want. An attacker can still brute-force my server because the password-based mechanism is still active. Now I will disable password-based authentication.

Disable Password Authentication

Edit the sshd_config file using a text editor

Find the following line and make sure you change it to “no”.

Save and close it, and then restart the ssh service
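
The whole procedure as shell functions, added here as an example and not the original article's commands. It assumes the standard OpenSSH tools (ssh-keygen, ssh-copy-id, sshd) and the usual server configuration path /etc/ssh/sshd_config; the function names and the login name `user` are hypothetical.

```shell
#!/bin/sh
# Added example. Function names are hypothetical; ssh-keygen, ssh-copy-id and
# sshd are the standard OpenSSH tools.

# Step 1: create an RSA key pair (id_rsa and id_rsa.pub).
# -N "" sets the empty passphrase used in the article; omit -N to be prompted.
# The 4096-bit size is a choice made for this example.
make_key() {
    keyfile="${1:-$HOME/.ssh/id_rsa}"
    if [ -e "$keyfile" ]; then
        echo "refusing to overwrite $keyfile" >&2
        return 1
    fi
    ssh-keygen -t rsa -b 4096 -N "" -f "$keyfile"
}

# Step 2: append the public key to authorized_keys of the remote account,
# e.g. copy_key user@10.34.0.247 (the login name "user" is a placeholder).
copy_key() {
    ssh-copy-id -i "${2:-$HOME/.ssh/id_rsa}.pub" "$1"
}

# Step 3: force "PasswordAuthentication no" in the sshd_config file given as $1.
# Active PasswordAuthentication lines are dropped, including ones inside Match
# blocks, and one explicit line is written at the top: sshd keeps the first
# value it reads for a keyword, and the top of the file is outside any Match.
disable_password_auth() {
    conf="$1"
    [ -f "$conf" ] || return 1
    tmp="$(mktemp)" || return 1
    {
        echo "PasswordAuthentication no"
        awk 'tolower($0) !~ /^[ \t]*passwordauthentication[ \t=]/' "$conf"
    } > "$tmp"
    cat "$tmp" > "$conf"   # overwrite in place to keep owner and mode
    rm -f "$tmp"
}

# Step 4 (as root on the server): validate the file, then restart the service.
# The unit is "ssh" on Ubuntu and "sshd" on CentOS. Keep the current session
# open until a key-based login has been confirmed in a second one.
apply_config() {
    sshd -t && systemctl restart "${1:-ssh}"
}
```

On the server, run `disable_password_auth /etc/ssh/sshd_config` and then `apply_config` as root; `sshd -T | grep -i passwordauthentication` prints the setting sshd will actually use.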

 
