Dump the code

Creating SSH key pairs

Created 9 months ago
Posted By admin
Creating SSH key pairs involves generating a pair of cryptographic keys: a public key and a private key. The public key is shared with the server, while the private key is kept secure on your local machine. Here's how you can create SSH key pairs:

1. Generate Keys:
Open a terminal on your local machine. Use the ssh-keygen command to generate a new SSH key pair. If you want to use the default settings, simply run:

ssh-keygen -t rsa -b 2048

This command generates an RSA key pair with a key length of 2048 bits. You can adjust the key length if needed.

If you want to specify a different filename or path, you can use the -f option:

ssh-keygen -t rsa -b 2048 -f ~/.ssh/my_key

Follow the prompts to provide a passphrase. While optional, adding a passphrase adds an extra layer of security.

2. View the generated keys:
After running the ssh-keygen command, you'll have two files in the ~/.ssh/ directory (or the path you specified):
   - id_rsa: The private key (keep this secure on your local machine).
   - id_rsa.pub: The public key (this is what you share with servers).

3. Copy the public key to the server:
Use the ssh-copy-id command to copy your public key to the server. Replace user and server_ip with your username and the server's IP address or domain:

ssh-copy-id user@server_ip

If ssh-copy-id is not available, you can manually copy the contents of your public key and add it to the ~/.ssh/authorized_keys file on the server.

4. Test the SSH connection:
After adding the public key to the server, try connecting to the server using SSH. If you set a passphrase, you'll be prompted to enter it.

ssh user@server_ip

If everything is configured correctly, you should be able to log in without entering a password.

5. Optional: using SSH agent (for passphrase-protected keys):
If you set a passphrase for your private key, you might want to use an SSH agent to avoid entering the passphrase every time you connect. Start the SSH agent:

eval "$(ssh-agent -s)"

Add your private key to the agent:

ssh-add ~/.ssh/id_rsa

6. Disable Password Authentication (Optional):
For enhanced security, you can choose to disable password authentication on the server to enforce key-based authentication. Edit the SSH server configuration file (/etc/ssh/sshd_config):

sudo nano /etc/ssh/sshd_config

Find the line PasswordAuthentication and set it to no:

PasswordAuthentication no

Save the changes and restart the SSH service:

sudo systemctl restart ssh
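
Step 6 can silently fail: sshd keeps the first value it reads for each keyword, so an earlier PasswordAuthentication yes, including one in a file pulled in by an Include line, overrides the no you add further down. The script below is an added example (not from the original article) that reports the value that wins outside any Match block; the function names, the 50-example.conf drop-in and the sample files are constructed for illustration, and relative Include paths are assumed to resolve against the main file's directory.

```shell
#!/bin/sh
# Added example, not from the original article.
# sshd uses the FIRST value it reads for a keyword, so "PasswordAuthentication yes"
# earlier in sshd_config, or in an Include'd drop-in, beats a later "no".

# first_global_value FILE [BASEDIR]: print the first PasswordAuthentication value
# found outside a Match block, following Include lines. Prints nothing if unset.
# Handles the usual whitespace-separated "Keyword value" form only.
first_global_value() (
    file=$1
    base=${2:-$(dirname "$file")}   # assumption: relative Includes resolve here
    [ -r "$file" ] || exit 0
    while read -r key arg _ || [ -n "$key" ]; do
        key=$(printf '%s' "$key" | tr '[:upper:]' '[:lower:]')  # keywords are case-insensitive
        case $key in
            ''|'#'*) continue ;;
            match) break ;;                 # the rest of this file is conditional
            passwordauthentication)
                printf '%s\n' "$arg" | tr '[:upper:]' '[:lower:]'
                exit 0 ;;
            include)
                case $arg in /*) pattern=$arg ;; *) pattern=$base/$arg ;; esac
                for inc in $pattern; do     # unquoted on purpose: expand the glob
                    found=$(first_global_value "$inc" "$base")
                    if [ -n "$found" ]; then printf '%s\n' "$found"; exit 0; fi
                done ;;
        esac
    done < "$file"
    exit 0
)

# effective_password_auth FILE: "yes" or "no"; OpenSSH defaults to "yes" when unset.
effective_password_auth() {
    value=$(first_global_value "$1")
    printf '%s\n' "${value:-yes}"
}

# Constructed sample: a drop-in turns passwords back on ahead of the main file's "no".
demo=$(mktemp -d)
mkdir "$demo/sshd_config.d"
printf 'PasswordAuthentication yes\n' > "$demo/sshd_config.d/50-example.conf"
printf 'Include sshd_config.d/*.conf\nPasswordAuthentication no\n' > "$demo/sshd_config"
echo "effective PasswordAuthentication: $(effective_password_auth "$demo/sshd_config")"
```

On a live server, sudo sshd -T | grep -i passwordauthentication prints the value sshd actually resolved, and sudo sshd -t checks the configuration for syntax errors before you restart the service.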

7. Optional: Adjust SSH Configuration on Client Side:
You can configure your SSH client (~/.ssh/config) to use the specific key for connecting to the server. Create or edit the configuration file:

nano ~/.ssh/config

Add the following lines, replacing server_alias with a nickname for your server and ~/.ssh/id_rsa with the path to your private key:

Host server_alias
    HostName server_ip
    User user
    IdentityFile ~/.ssh/id_rsa

Now, you can connect to the server using the alias:

ssh server_alias

If you added the key to the SSH agent in step 5, you can connect without entering the passphrase every time during the current session.

That's it! You've successfully created an SSH key pair and configured passwordless authentication to the server using your public key. This method provides a more secure and convenient way to authenticate to remote servers.