
SSH Login using keys

I’ve been using SSH for many reasons lately (X11 forwarding, managing my server remotely, port forwarding, etc.). One thing I’ve learned recently is how to use SSH keys instead of passwords. For me, keys have two main advantages:

  • It eliminates the need to type in my password all the time (although you can set a passphrase on the key, in which case you need both the key and the passphrase to log in)
  • It’s generally safer than using a password (if you disable pure password authentication altogether)

Let’s get down to it. First you create the key. I’m using ECDSA, since it’s as safe as RSA or DSA but requires less computation (not that it matters much, since it’s used only during authentication). (Don’t use ECDSA, it’s believed to have a backdoor. For now we are better off with a 4096-bit RSA key; this post was modified accordingly.) I heard that PuTTY and some older versions of OpenSSH don’t support ECDSA, so bear this in mind. Here we go:

ssh-keygen -t rsa -b 4096

It will ask you to create a passphrase (aka password). If you don’t, then you will be able to log in without a password. Now we need to transfer the public key to the remote machine (if you used DSA or RSA, the key file will be named id_dsa or id_rsa respectively):

ssh-copy-id -i ~/.ssh/id_rsa.pub username@remotemachine

Here username is your user name and remotemachine is the hostname or IP address of the remote machine. Now we log in to the remote machine:

ssh username@remotemachine

If everything went well, you should be able to log in without using a password. (:

If you want to disable password authentication, you can edit /etc/ssh/sshd_config:

PasswordAuthentication no
ChallengeResponseAuthentication no
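
One way to check that these two lines actually take effect, as an added example that is not part of the original post: sshd uses the first value it reads for each keyword, so lines appended below an earlier `PasswordAuthentication yes` change nothing. The function names and sample files are hypothetical and constructed for this example; it assumes the plain "Keyword value" form and does not follow Include files.

```shell
#!/bin/sh
# Added example (not from the original post): check an sshd_config-style file
# for the two settings above. Files and contents below are constructed samples.

# Print the effective global value of keyword $2 in file $1, or default $3.
# sshd keeps the first value it reads for a keyword, so a later duplicate
# line does not override an earlier one.
# Assumptions: "Keyword value" form, Include files are not followed.
effective_setting() {
    awk -v want="$2" -v def="$3" '
        BEGIN { want = tolower(want); val = def }
        /^[ \t]*#/ { next }                      # comment line
        tolower($1) == "match" { exit }          # conditional blocks start here
        tolower($1) == want && NF >= 2 { val = tolower($2); exit }
        END { print val }
    ' "$1"
}

# Succeed only when both password-style methods are off globally.
password_login_disabled() {
    [ "$(effective_setting "$1" PasswordAuthentication yes)" = "no" ] &&
    [ "$(effective_setting "$1" ChallengeResponseAuthentication yes)" = "no" ]
}

SAMPLES=$(mktemp -d)

cat > "$SAMPLES/hardened.conf" <<'EOF'
PasswordAuthentication no
ChallengeResponseAuthentication no
EOF

# The two lines were appended, but an earlier line still wins.
cat > "$SAMPLES/shadowed.conf" <<'EOF'
PasswordAuthentication yes
# added later at the end of the file
PasswordAuthentication no
ChallengeResponseAuthentication no
EOF

for f in "$SAMPLES"/*.conf; do
    if password_login_disabled "$f"; then
        echo "$(basename "$f"): password login disabled"
    else
        echo "$(basename "$f"): password login still possible"
    fi
done
```

On a real host, `sshd -T` (run as root) prints the effective configuration including Include files, and sshd has to reload its configuration before the change applies.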

Some of the information was taken from: ArchWiki – SSH Keys

Update: A very good article about securing your SSH is given here: https://stribika.github.io/2015/01/04/secure-secure-shell.html
