DEV Community

gourab yousuf basir
gourab yousuf basir

Posted on

Never Type Your SSH Password Again: A Complete Guide to SSH Key Authentication

Are you tired of typing your password every time you connect to a remote server via SSH? In this guide, I'll show you how to set up SSH key-based authentication, a more secure and convenient way to connect to your servers.

What is SSH Key Authentication?

Before diving into the setup, let's understand what SSH keys are. Think of SSH keys as a pair of locks and keys:

  • You have a public key (the lock) that you put on the server
  • You keep a private key (the key) on your computer
  • When you connect, your private key proves your identity to the server without needing a password

Step-by-Step Setup Guide

1. Generate Your SSH Key Pair

First, you'll need to create your SSH key pair. Open your terminal and run:

ssh-keygen -t ed25519
Enter fullscreen mode Exit fullscreen mode

When you run this command:

  • It will ask where to save the key (press Enter for default location)
  • It will ask for a passphrase (press Enter twice for no passphrase)
  • The default location is ~/.ssh/id_ed25519 (private key) and ~/.ssh/id_ed25519.pub (public key)

đź’ˇ Pro Tip: Using ed25519 is recommended as it's more secure and modern than older alternatives like RSA.

2. Copy Your Public Key to the Server

There are two ways to do this:

Method 1: Using ssh-copy-id (Recommended)

ssh-copy-id username@remote_host
Enter fullscreen mode Exit fullscreen mode

This is the easiest method as it handles everything automatically.

Method 2: Manual Copy

If ssh-copy-id isn't available, you can do it manually:

cat ~/.ssh/id_ed25519.pub | ssh username@remote_host "mkdir -p ~/.ssh && cat >> ~/.ssh/authorized_keys"
Enter fullscreen mode Exit fullscreen mode

3. Set Proper Permissions

SSH is particular about security permissions. On the remote server, run:

chmod 700 ~/.ssh
chmod 600 ~/.ssh/authorized_keys
Enter fullscreen mode Exit fullscreen mode

Troubleshooting

If you're still being prompted for a password, check these common issues:

  1. File Permissions: Incorrect permissions are a common cause. Double-check them:
   ls -la ~/.ssh
Enter fullscreen mode Exit fullscreen mode
  1. SSH Server Configuration: Ensure key authentication is enabled in /etc/ssh/sshd_config:
   PubkeyAuthentication yes
Enter fullscreen mode Exit fullscreen mode
  1. SELinux/AppArmor: If you're using these security systems, they might be blocking key authentication.

Security Best Practices

  1. Use Strong Keys: Always use ED25519 or RSA with at least 4096 bits
  2. Protect Your Private Key: Never share your private key or upload it anywhere
  3. Consider Using a Passphrase: For additional security, add a passphrase to your key
  4. Regular Key Rotation: Consider generating new keys periodically

Additional Tips

Creating Configuration Shortcuts

You can make SSH even more convenient by adding entries to your ~/.ssh/config file:

Host myserver
    HostName server.example.com
    User username
    IdentityFile ~/.ssh/id_ed25519
Enter fullscreen mode Exit fullscreen mode

Then you can simply type:

ssh myserver
Enter fullscreen mode Exit fullscreen mode

Using SSH Agent

If you do use a passphrase, you can avoid typing it repeatedly by using ssh-agent:

eval $(ssh-agent)
ssh-add ~/.ssh/id_ed25519
Enter fullscreen mode Exit fullscreen mode

Conclusion

Setting up SSH key authentication is a one-time investment that pays off in both security and convenience. No more password prompts, and you get better security! It's a win-win situation.

Remember: while this setup is more convenient, it's crucial to keep your private key secure. If someone gets access to your private key, they can access all servers that trust that key.


Last updated: November 2024

Top comments (0)