I. Introduction
SSH (Secure Shell) is an encrypted protocol that allows a client system to
communicate securely with a server. We can connect to our system remotely,
perform administrative tasks and access files. Communicating with a server using
SSH keys is more secure and more convenient than password authentication.
II. How To Configure SSH Key
1. Configure SSH Key
Step1-Create the RSA Key Pair
Note that we can create the key pair on either Linux or Windows.
On Linux Client:
By default “ssh-keygen” will create a 2048-bit RSA key pair, which is secure enough for most use cases
(we may optionally pass in the -b 4096 flag to create a larger 4096-bit key).
$ ssh-keygen (To create key pair)
- The key is created in "/home/sara/.ssh/id_rsa" (“/home/sara” is the home directory of user “sara”).
- Press enter to save the key pair into the ".ssh/" subdirectory in your home directory, or specify an alternate path.
- A passphrase adds an additional layer of security to prevent unauthorized users from logging in.
On Windows Client:
On Windows, we can use PowerShell or third-party software to generate the key.
- Go to PowerShell and type the command "ssh-keygen.exe".
- Set the name of the key.
- Enter the passphrase and confirm the passphrase.
- The key is created in "C:\user\Network Engineer1/.ssh/id_rsa".
- Press enter to save the key pair into the ".ssh/" subdirectory in the user’s directory, or specify an alternate path.
- A passphrase adds an additional layer of security to prevent unauthorized users from logging in.
Third Party (PuTTYgen):
We can download the PuTTYgen application to generate the key.
- In the "Parameters" section, choose RSA and press Generate.
- Move the mouse randomly in the small blank area of the window in order to generate the key pair.
- Enter a key comment, which will identify the key (useful when you use several SSH keys).
- Type in the passphrase and confirm it. The passphrase is used to protect our key. It will be asked for when you connect via SSH.
- Click "Save private key" to save our private key.
Step2-Copy the Public Key to SSH Server
After we create the key, we have to copy the public key to the server so that it matches our private key for remote login.
For example, for a Linux Client, we will manually copy the content of the “id_rsa.pub” file and append it to the
“~/.ssh/authorized_keys” file on the SSH Server:
Client:
Display and copy the file
$ cat ~/.ssh/id_rsa.pub (To display id_rsa.pub)
Server:
We have to create the folder “.ssh” and the file “authorized_keys” in the “/home/user/” directory,
and paste the key from the client machine into that file.
# mkdir -p /home/sara/.ssh (To create folder)
# vi /home/sara/.ssh/authorized_keys (To create file)
After we have created “.ssh” and “authorized_keys”, we have to set their ownership and permissions
for the user that needs to log in remotely over SSH with the key.
# chown -R sara:sara /home/sara/.ssh (To give ownership to user “sara”)
# chmod 700 /home/sara/.ssh (To allow only the owner to access the folder)
# chmod 600 /home/sara/.ssh/authorized_keys (To allow only the owner to read and write the file)
Step3-Disable Password Authentication on Server
To disable password authentication, we have to uncomment (remove the “#” from)
“PasswordAuthentication yes” and change it to “PasswordAuthentication no”
in “/etc/ssh/sshd_config”.
# vi /etc/ssh/sshd_config (To edit file)
Step4-Enable Remote with Key over SSH
To enable it, we have to uncomment “PubKeyAuthentication yes” in “/etc/ssh/sshd_config”.
# vi /etc/ssh/sshd_config (To edit file)
Step5-Restart and verify SSH Service
After changing it, we have to restart the SSH service for the change to take effect.
# systemctl restart sshd (To restart Service)
# systemctl status sshd (To check Service)
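The script below is an added example, not part of the original guide: it audits the outcome of Steps 2 to 5 by checking the modes of “.ssh” and “authorized_keys” and the effective values of the two sshd_config settings. It assumes GNU stat; the function names and the temporary fixture (with a placeholder key line) are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit the result of Steps 2-5. Assumes GNU stat (stat -c).

# Print the effective global value of an sshd_config keyword. sshd keeps the
# first value it reads and keywords are case-insensitive. "Include" files and
# "Match" blocks are not evaluated here (a simplification of this example).
sshd_value() {  # usage: sshd_value <config> <keyword> <default>
    awk -v key="$2" -v def="$3" '
        /^[ \t]*#/ || NF == 0 { next }            # comment or blank line
        { sub(/[ \t]*=[ \t]*/, " ") }             # accept "Keyword=value"
        tolower($1) == "match" { exit }           # end of the global section
        tolower($1) == tolower(key) { print tolower($2); found = 1; exit }
        END { if (!found) print def }
    ' "$1"
}

# Count deviations from the setup in this guide; the count is the return status.
audit_ssh_key_setup() {  # usage: audit_ssh_key_setup <ssh_dir> <sshd_config>
    n=0
    fail() { echo "FAIL: $1"; n=$((n + 1)); }
    [ "$(stat -c %a "$1")" = 700 ] || fail "$1 should be mode 700"
    [ "$(stat -c %a "$1/authorized_keys")" = 600 ] ||
        fail "$1/authorized_keys should be mode 600"
    [ "$(sshd_value "$2" PasswordAuthentication yes)" = no ] ||
        fail "password logins are still accepted"
    [ "$(sshd_value "$2" PubkeyAuthentication yes)" = yes ] ||
        fail "public key logins are disabled"
    return "$n"
}

# Constructed fixture: stock config and loose permissions first, then the fix.
demo=$(mktemp -d)
mkdir "$demo/.ssh"
echo "ssh-rsa AAAA...constructed-placeholder... sara@client" > "$demo/.ssh/authorized_keys"
chmod 755 "$demo/.ssh"; chmod 644 "$demo/.ssh/authorized_keys"
printf '%s\n' '#PasswordAuthentication yes' '#PubKeyAuthentication yes' > "$demo/sshd_config"
audit_ssh_key_setup "$demo/.ssh" "$demo/sshd_config" || echo "before: $? finding(s)"

chmod 700 "$demo/.ssh"; chmod 600 "$demo/.ssh/authorized_keys"
printf '%s\n' 'PasswordAuthentication no' 'PubKeyAuthentication yes' > "$demo/sshd_config"
audit_ssh_key_setup "$demo/.ssh" "$demo/sshd_config" && echo "after: no findings"
rm -rf "$demo"
```

On a live server, running "sshd -T" as root prints the effective configuration that sshd itself computes and can be used to confirm the same two settings.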
2. Testing Remote
Here we are testing remote login from a Linux Client to a Linux Server.
Server name: nginx_node1 with IP: 10.0.1.17
Remote from Client:
- The passphrase is required for the connection to the server
- Confirmed by the IP address of the server, “10.0.1.17”
- Confirmed by Server name “nginx_node1”