How to Set up SSH keys on a Linux based Client/Server

An SSH key is an access credential in the SSH protocol. Its function is similar to that of user names and passwords, but keys are primarily used for automated processes and for implementing single sign-on by system administrators and power users. SSH keys provide a more secure way of logging into servers with SSH than using a password alone. While a password can eventually be cracked with a brute force attack, SSH keys are nearly impossible to decipher by brute force alone. Generating a key pair gives the user two long strings of characters: a public key and a private key. We can place the public key on any server and then unlock it by connecting from a client that already has the private key. When the two match up, the system unlocks without the need for a password. We can increase security even more by protecting the private key with a passphrase. So let's get started.


1. Generating RSA key pairs :

The first step is to generate the public and private keys on the client machine. The ssh-keygen utility is used to generate the key pair:
 $ ssh-keygen -t rsa
In the command above, '-t rsa' specifies the type of key to create, which in this case is RSA. When we run the command, it asks a few questions:
 Enter file in which to save the key (/home/ajay/.ssh/id_rsa):
It shows the default location where your public and private keys will be stored; hit Enter to keep the default.
 Enter passphrase (empty for no passphrase):
Next it asks for a passphrase. If you provide one, it is required each time you log in to your servers; it adds extra security. To set a passphrase, type your passphrase and hit Enter, then enter it again when prompted. To leave it empty, just hit Enter twice.
 $ ssh-keygen -t rsa
 Generating public/private rsa key pair.
 Enter file in which to save the key (/home/ajay/.ssh/id_rsa):
 Enter passphrase (empty for no passphrase):
 Enter same passphrase again:
 Your identification has been saved in /home/ajay/.ssh/id_rsa.
 Your public key has been saved in /home/ajay/.ssh/id_rsa.pub.
 The key fingerprint is:
 af:8f:f5:06:b4:6f:c2:d1:cf:62:77:b7:9b:65:9b:7a ajay@ubuntu
 The key's randomart image is:
 +---[RSA 2048]----+
 |               |
 |                |
 |                 |
 |        .    |
 |        S. o     |
 |         .+ .    |  
 |         .o+ o  o|
 |         +o.* +EB|
 |        o..=.+oB+|
 +-----------------+
Now the public key is saved at /home/ajay/.ssh/id_rsa.pub and the private key is saved at /home/ajay/.ssh/id_rsa.

2. Copying Public SSH keys To the Servers

Once the key pair is generated, we need to place the public key on the servers that we want to access. We can do this in two ways:

  • With ssh-copy-id

ssh-copy-id is a script that installs an SSH key on a server as an authorized key. The syntax is:
 $ ssh-copy-id username@remotehost/IPAddress
 $ ssh-copy-id test@ubuntusrv
 The authenticity of host 'ubuntusrv (192.168.0.151)' can't be established.
 ECDSA key fingerprint is e4:b2:2c:32:64:0f:92:11:ca:01:46:60:ea:67:7e:23.
 Are you sure you want to continue connecting (yes/no)? yes
 /usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
 /usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
 test@ubuntusrv's password:

 Number of key(s) added: 1

 Now try logging into the machine, with:   "ssh 'test@ubuntusrv'"
 and check to make sure that only the key(s) you wanted were added.
When it asks whether to continue connecting, type yes and hit Enter. Type yes only if the fingerprint shown matches the server's host key. ssh-copy-id then copies your public key to the server's "~/.ssh/authorized_keys" file.

  • Manual Method 

To do it manually, use the command below:
 $ cat ~/.ssh/id_rsa.pub | ssh username@remotehost "mkdir -p ~/.ssh && cat >> ~/.ssh/authorized_keys"
Just replace username and remotehost to match your server and run the command; it appends the public key to the server's authorized_keys file. Like the previous method, it asks for the password of the SSH server.

Now we can log in to our server test@ubuntusrv without providing a password. However, if you set a passphrase, you will be asked to enter it each time you log in.
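
The manual method above appends the key again on every run and leaves the modes of ~/.ssh to the server's defaults. The following is an added example, not code from the original post: a server-side helper that checks the public key line, skips a key that is already installed (as ssh-copy-id does) and sets the directory and file modes. The name install_pubkey, its return codes and the optional HOME_DIR argument are assumptions made for this example.

```shell
#!/bin/sh
# Added example, not from the original post. install_pubkey is a
# hypothetical helper; run it on the server as the target user.

# install_pubkey PUBKEY_FILE [HOME_DIR]
# Returns 0 = key added, 1 = already present,
#         2 = not a single public key line, 3 = cannot prepare ~/.ssh
install_pubkey() {
    pub=$1
    home=${2:-$HOME}
    auth=$home/.ssh/authorized_keys

    # Expect exactly one non-empty line: "<type> <base64> [comment]".
    # A private key file is multi-line, so it is rejected here too.
    [ -r "$pub" ] || return 2
    [ "$(grep -c . "$pub")" -eq 1 ] || return 2
    read -r ktype kdata _comment <<EOF
$(grep . "$pub")
EOF
    case $ktype in
        ssh-rsa|ssh-ed25519|ecdsa-sha2-nistp*|sk-*@openssh.com) ;;
        *) return 2 ;;
    esac
    case $kdata in
        ''|*[!A-Za-z0-9+/=]*) return 2 ;;
    esac

    # With StrictModes (the default) sshd refuses key login when ~/.ssh
    # or authorized_keys is writable by group or others.
    mkdir -p "$home/.ssh" && chmod 700 "$home/.ssh" || return 3
    touch "$auth" && chmod 600 "$auth" || return 3

    # Match on type + key material anywhere on the line, so entries with
    # an options prefix or a different comment still count as installed.
    if awk -v t="$ktype" -v d="$kdata" '
        { for (i = 1; i < NF; i++) if ($i == t && $(i + 1) == d) f = 1 }
        END { exit !f }' "$auth"; then
        return 1
    fi

    # Make sure the previous entry ends with a newline before appending.
    if [ -s "$auth" ] && [ -n "$(tail -c 1 "$auth")" ]; then
        echo >> "$auth"
    fi
    printf '%s %s%s\n' "$ktype" "$kdata" "${_comment:+ $_comment}" >> "$auth"
}
```

On the server, after copying the public key file over, call it as `install_pubkey /path/to/id_rsa.pub`.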

Conclusion :

The above shows how to set up SSH keys on Linux based client and server systems.