Login with public key authentication is more secure than password authentication for several reasons, the main one is that you can disable the SSH password authentication on the server and eliminate all SHH brute force attempts. Also, public key authentication is simple and secure solution for remote password-less connections between servers.
In this article we will go over the necessary steps to create SSH authentication keys and how to use them.
Create a pair of ssh authentication keys, private and public:
ssh-keygen -t rsa -b 4096
The keys will be created at the /user_directory/.ssh/directory, the default name is id_rsa.
If you want to name the key use the -f option, use the -C option to customize the key comment:
ssh-keygen -t rsa -b 4096 -f ~/.ssh/key_name -C "$(whoami)@$(hostname)_$(date -I)"
* If you want to create a password-less key, press enter when asked for passphrase.
Examples of public key authentication usage:
Public key authentication with putty
1. Copy the following command output and save it with the file editor on your pc:
2. To convert the private key to the PPK format use PuTTYgen. Download the file puttygen.exe from http://www.chiark.greenend.org.uk/~sgtatham/putty/download.html and run the program.
3. Click Conversions, select import key and locate your key file.
4. Click the Save private key button and name the file key_name.ppk.
5. Open putty and navigate to the category Connection >> SSH >> Auth, click browse and load the ppk key.
Server to server SSH keys authentication
1) Copy the public key to the remote user authorized_keys file:
ssh-copy-id -i ~/.ssh/key_name.pub -p 22 user_name@remote_host
cat ~/.ssh/key_name.pub | ssh -p 22 user_name@remote_host "mkdir -p .ssh; cat >> ~/.ssh/authorized_keys"
After the public key has been added to the remote host include the private key by adding the option -i to the ssh connection command:
ssh -p 22 -i ~/.ssh/key_name user_name@remote_host