SSH to unix clients/servers by using a private and public key.

Hi everyone, today I am going to show you the fastest way to log in to your server using a public and a private key, which is one of the safest and fastest ways to log in. A reminder: if you have PowerShell 7 on Windows, you can use all the following commands without a problem.

First of all, type in the terminal:

ssh-keygen -b 4096

This will create a key which is 4096 bytes long.

Output:

Generating public/private rsa key pair.
Enter file in which to save the key (/home/bob/.ssh/id_rsa):
Created directory '/home/bob/.ssh'.
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /home/bob/.ssh/id_rsa
Your public key has been saved in /home/bob/.ssh/id_rsa.pub
The key fingerprint is:
SHA256:FvYvi8g/CaL8oD0cCUfmJeEx2P5frMYcRUzkdqHs0AE bob@DESKTOP-ETD1U4R
The key's randomart image is:
+---[RSA 4096]----+
| o+.   ++oE..    |
|..=o.  oo..o .   |
| =.o   .* . .    |
|. +    o.+       |
| o o   oS .      |
|  o o o.o  .     |
| o.o = = .. .    |
| o=. .*.o. o     |
|. .o..o.o..      |
+----[SHA256]-----+

After typing the first command you will be prompted to choose the location of the file and a password (optional). If you choose to set a password, you will have to type it whenever you log in to the server, so even if someone else somehow gets your private key, they still need to know its password. Now let’s send the public key generated by the previous command to the server, so that when we try to log in, the server will match its stored public key with the private key that we send; if they match, it will grant us access.

scp ~/.ssh/id_rsa.pub server@<ip>:~/.ssh/authorized_keys

scp means “secure copy”. With it we first give the location of our file (~/.ssh/id_rsa.pub) and then the location on the server to transfer it to (server@<ip>:~/.ssh/authorized_keys). Just a reminder that the folder authorized_keys doesn’t necessarily need to be created for this to work; we are only doing it for the sake of organization. As long as the public key is inside the .ssh folder, it will work!

Now when you log in to your server, ta-da, you will log in without the need for a password.

Bonus:

Now let’s make it even more secure by disabling login requests without our private key, which means that even if another user has the password, they won’t be able to log in. Type the following command:

sudo nano /etc/ssh/sshd_config 

Now scroll down until you find “#PasswordAuthentication yes”, then remove the # and write “no” instead of “yes”. The line should end up looking like this:

PasswordAuthentication no

Then press Ctrl + X, then yes, and then Enter. Now let’s restart the SSH service for the change to take effect.

sudo systemctl restart sshd
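
A check worth running before the restart, as an added example that is not part of the original post: it reads one sshd_config-style file and reports whether password logins are really off, given that sshd uses the first uncommented occurrence of a keyword. The function names and sample files are constructed for illustration, and Include files and Match blocks are not evaluated.

```sh
#!/bin/sh
# Added example, not from the original post. Reads ONE sshd_config-style file;
# Include files and Match blocks are not evaluated (assumption).

# effective_setting FILE KEYWORD DEFAULT
# Prints the value sshd takes for KEYWORD: the first uncommented occurrence in
# the global section (keyword names are case-insensitive), else DEFAULT.
effective_setting() {
  awk -v want="$2" -v def="$3" '
    BEGIN { want = tolower(want) }
    { sub(/^[ \t]+/, "") }                     # strip leading whitespace
    /^#/ || /^$/ { next }                      # skip comments and blank lines
    { key = tolower($1) }
    key == "match" { exit }                    # global section ends here
    key == want { print $2; found = 1; exit }  # first occurrence wins
    END { if (!found) print def }
  ' "$1"
}

# password_login_disabled FILE
# Succeeds only if password logins are off AND key logins are still on, so the
# restart neither leaves passwords enabled nor locks you out.
password_login_disabled() {
  pw=$(effective_setting "$1" PasswordAuthentication yes)  # sshd default: yes
  pk=$(effective_setting "$1" PubkeyAuthentication yes)    # sshd default: yes
  [ "$pw" = no ] && [ "$pk" = yes ]
}

# Constructed sample configs (not taken from a real host).
sample_dir=$(mktemp -d)
printf '%s\n' '#PasswordAuthentication yes' 'PubkeyAuthentication yes' \
  > "$sample_dir/still_commented"   # never uncommented: default "yes" applies
printf '%s\n' 'passwordauthentication yes' 'PasswordAuthentication no' \
  > "$sample_dir/shadowed"          # the earlier "yes" wins
printf '%s\n' 'Match User deploy' '    PasswordAuthentication no' \
  > "$sample_dir/match_only"        # "no" applies to one user only
printf '%s\n' 'PubkeyAuthentication yes' 'PasswordAuthentication no' \
  > "$sample_dir/hardened"

for f in still_commented shadowed match_only hardened; do
  if password_login_disabled "$sample_dir/$f"; then
    echo "$f: password logins disabled"
  else
    echo "$f: password logins still accepted"
  fi
done
```

On the server, `sudo sshd -t` checks the edited file for syntax errors and `sudo sshd -T` prints the settings sshd will actually use, Include files included.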

That is all, hope I have helped you somehow. If you still have any questions, leave them down below. As always, have a wonderful day 😉

Istvan Out 🚀
