How to Set Up SSH Keys for Secure Server Access
Why SSH Keys are Better Than Passwords 1. Stronger Encryption SSH keys use robust encryption algorithms like RSA or ECDSA, ensuring high protection against unauthorized access. 2. No Password Transmission When using SSH keys, passwords are never transmitted over the network. This eliminates the risk of password interception during transmission over unsecured connections. 3. Key Storage Security Your private key stays only on your device, significantly reducing the risk for attackers even if your public key is exposed. 4. Convenience and Automation SSH keys allow for passwordless login, making them ideal for automated processes, such as scripts or backups. 5. Key Brute-Force Resistance Common key lengths (like 2048 bits for RSA) make it practically impossible to crack SSH keys using brute-force attacks. Overall, SSH keys are a vital component for securing your system, offering a high level of security and convenience during server access. Setting Up SSH Keys Step 1: Generate SSH Keys To generate a new SSH key pair, run the following command: ssh-keygen -t rsa This will create a key pair without a passphrase, ensuring secure access to the server. Step 2: Follow the Prompts During Key Generation Once you run the command, you will see the following prompts: Generating public/private rsa key pair. Enter file in which to save the key (/home/username/.ssh/id_rsa): Enter passphrase (empty for no passphrase): Enter same passphrase again: Your identification has been saved in /home/username/.ssh/id_rsa. Your public key has been saved in /home/username/.ssh/id_rsa.pub. The key fingerprint is: SHA256:7bFVOyHlwW6y4s3... username@hostname The key's randomart image is: +---[RSA 2048]----+ | .o. | | o..o= | | =.=o+. | | o = +E. | | . + = S | | . o + . | | . + . | | o . | | | +----[SHA256]-----+ Step 3: Add the Public Key to the Server On Windows: The public key is stored at: C:\Users\username\.ssh\id_rsa.pub On Linux: The public key is stored at: /home/username/.ssh/id_rsa.pub On the Server: To add your public key to the server, follow these steps: For your user: nano ~/.ssh/authorized_keys chmod 600 ~/.ssh/authorized_keys For the root user: nano /root/.ssh/authorized_keys chmod 600 /root/.ssh/authorized_keys Step 4: Disable Password Authentication To further enhance security, you can disable password authentication entirely. Open the SSH configuration file on your server: sudo nano /etc/ssh/sshd_config Find the line that says PasswordAuthentication and change it to no: PasswordAuthentication no Restart the SSH service to apply the changes: sudo systemctl restart sshd This will ensure that only SSH keys can be used for login, improving security by eliminating the possibility of password-based access. By following these steps, you'll significantly enhance the security of your server, ensuring only authorized users can access it using SSH keys.
Why SSH Keys are Better Than Passwords
1. Stronger Encryption
SSH keys use robust encryption algorithms like RSA or ECDSA, ensuring high protection against unauthorized access.
2. No Password Transmission
When using SSH keys, passwords are never transmitted over the network. This eliminates the risk of password interception during transmission over unsecured connections.
3. Key Storage Security
Your private key stays only on your device, significantly reducing the risk for attackers even if your public key is exposed.
4. Convenience and Automation
SSH keys allow for passwordless login, making them ideal for automated processes, such as scripts or backups.
5. Key Brute-Force Resistance
Common key lengths (like 2048 bits for RSA) make it practically impossible to crack SSH keys using brute-force attacks.
Overall, SSH keys are a vital component for securing your system, offering a high level of security and convenience during server access.
Setting Up SSH Keys
Step 1: Generate SSH Keys
To generate a new SSH key pair, run the following command:
ssh-keygen -t rsa
This will create a key pair without a passphrase, ensuring secure access to the server.
Step 2: Follow the Prompts During Key Generation
Once you run the command, you will see the following prompts:
Generating public/private rsa key pair.
Enter file in which to save the key (/home/username/.ssh/id_rsa):
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /home/username/.ssh/id_rsa.
Your public key has been saved in /home/username/.ssh/id_rsa.pub.
The key fingerprint is:
SHA256:7bFVOyHlwW6y4s3... username@hostname
The key's randomart image is:
+---[RSA 2048]----+
| .o. |
| o..o= |
| =.=o+. |
| o = +E. |
| . + = S |
| . o + . |
| . + . |
| o . |
| |
+----[SHA256]-----+
Step 3: Add the Public Key to the Server
On Windows:
The public key is stored at:
C:\Users\username\.ssh\id_rsa.pub
On Linux:
The public key is stored at:
/home/username/.ssh/id_rsa.pub
On the Server:
To add your public key to the server, follow these steps:
For your user:
nano ~/.ssh/authorized_keys
chmod 600 ~/.ssh/authorized_keys
For the root user:
nano /root/.ssh/authorized_keys
chmod 600 /root/.ssh/authorized_keys
Step 4: Disable Password Authentication
To further enhance security, you can disable password authentication entirely.
-
Open the SSH configuration file on your server:
sudo nano /etc/ssh/sshd_config -
Find the line that says
PasswordAuthenticationand change it tono:
PasswordAuthentication no -
Restart the SSH service to apply the changes:
sudo systemctl restart sshd
This will ensure that only SSH keys can be used for login, improving security by eliminating the possibility of password-based access.
By following these steps, you'll significantly enhance the security of your server, ensuring only authorized users can access it using SSH keys.
