How to Create an SSH Key and Configure OpenSSH Server for Key Authentication
This tutorial aims to help everyone secure their servers by using SSH keys instead of passwords for SSH authentication.
Generating an SSH Key Pair
To create a new SSH key pair on your client machine:
ssh-keygen -t ed25519 -C "[email protected]"
- -t ed25519: Specifies the key type as Ed25519, which is faster and more secure than RSA.
- -C "[email protected]": Adds a comment to the key for identification purposes.
- Press Enter to accept the default file location.
- Set a passphrase for added security (optional).
Your public key will be saved in ~/.ssh/id_ed25519.pub.
Copying the Public Key to the Server
Use ssh-copy-id to transfer your public key to the server:
ssh-copy-id username@server_ip
This command ensures the proper permissions are set for the ~/.ssh directory and the authorized_keys file.
Alternatively, manually append your public key to the server’s ~/.ssh/authorized_keys file:
- Log in to the server.
- Use the following command:
echo "yourkey" >> ~/.ssh/authorized_keys
Replace yourkey with the actual content of your public key (found in ~/.ssh/id_ed25519.pub). Ensure you append the key with >> rather than overwriting the file with >.
Configuring OpenSSH Server
Edit the SSH server configuration file:
sudo nano /etc/ssh/sshd_config
Ensure these settings are enabled:
PubkeyAuthentication yes
AuthorizedKeysFile .ssh/authorized_keys
PasswordAuthentication no
- PubkeyAuthentication yes: Enables public key authentication.
- AuthorizedKeysFile .ssh/authorized_keys: Specifies the file where public keys are stored.
- PasswordAuthentication no: Disables password authentication for added security.
Restart the SSH service:
sudo systemctl restart sshd
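An added example, not part of the original tutorial: sshd uses the first value it reads for each keyword, so a PasswordAuthentication yes earlier in the file overrides the no you add further down. The script below reports the value in effect for the global section of a config file; the function names and the sample config are constructed for illustration, and Match blocks and Include files are not evaluated.

```shell
#!/bin/sh
# Added example: which value does sshd use for a keyword in the global
# section of an sshd_config-style file? The FIRST occurrence wins, and
# keywords are case-insensitive.
effective_value() {  # usage: effective_value FILE KEYWORD
    awk -v want="$2" '
        BEGIN { want = tolower(want) }
        /^[ \t]*(#|$)/ { next }               # skip comments and blank lines
        {
            line = $0
            sub(/^[ \t]+/, "", line)
            sub(/[ \t]+$/, "", line)
            n = match(line, /[ \t=]+/)        # keyword/value separator
            if (n == 0) next
            key = tolower(substr(line, 1, n - 1))
            val = substr(line, n + RLENGTH)
            if (key == "match") exit          # conditional blocks are out of scope
            if (key == want) { print val; exit }
        }
    ' "$1"
}

# Returns 0 only if the tutorial's global authentication settings are in effect.
check_key_only_auth() {  # usage: check_key_only_auth FILE
    pubkey=$(effective_value "$1" PubkeyAuthentication)
    passwd=$(effective_value "$1" PasswordAuthentication)
    # Unset keywords fall back to the OpenSSH defaults, which are "yes" for both.
    [ "${pubkey:-yes}" = "yes" ] && [ "${passwd:-yes}" = "no" ]
}

# Constructed sample: a stale line near the top shadows the hardened one below.
sample=$(mktemp)
trap 'rm -f "$sample"' EXIT
cat > "$sample" <<'EOF'
# constructed sample, not a real server config
passwordauthentication yes
PubkeyAuthentication yes
AuthorizedKeysFile .ssh/authorized_keys
PasswordAuthentication no
EOF

if check_key_only_auth "$sample"; then
    echo "OK: key-only authentication is in effect"
else
    echo "FAIL: PasswordAuthentication is '$(effective_value "$sample" PasswordAuthentication)'"
fi
```

On a real server, sudo sshd -t checks the configuration for errors before you restart the service, and sudo sshd -T prints the effective settings with Include files applied.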
Testing SSH Key Authentication
Connect to your server:
ssh username@server_ip
If configured correctly, you will be authenticated using your SSH key. For debugging, use:
ssh -v username@server_ip
The -v flag provides verbose output to help identify any issues.
Troubleshooting
Permissions Issue: Ensure the ~/.ssh directory and authorized_keys file on the server have the correct permissions:
chmod 700 ~/.ssh
chmod 600 ~/.ssh/authorized_keys
SSH Service Not Restarted: After modifying sshd_config, restart the SSH service:
sudo systemctl restart sshd
Key Not Found: Verify the public key was copied correctly to the server:
cat ~/.ssh/authorized_keys
Security Note: Always use a strong passphrase for your private key. To avoid entering the passphrase repeatedly, use an SSH agent:
eval "$(ssh-agent -s)"
ssh-add ~/.ssh/id_ed25519
Disabling password authentication (PasswordAuthentication no) increases security, but ensure you have your SSH key configured correctly before making this change.