Here’s a step-by-step guide for setting up SSH keys between your laptop and a cloud Linux server
Securely connecting your laptop to a cloud Linux server is a fundamental task for any IT enthusiast or professional. In this step-by-step guide, we will walk you through the process of establishing a secure and efficient connection using SSH keys. Say goodbye to password hassles and enhance your server management experience with this comprehensive tutorial
- On your laptop, open a terminal window and generate a new key pair using the ssh-keygen command. By default, this command will create a new RSA key pair in the ~/.ssh directory, with the filenames id_rsa (private key) and id_rsa.pub (public key). The command to generate the key pair is:
ssh-keygen -t rsaYou’ll be prompted to enter a file in which to save the key, just press enter and you’ll be prompted to enter a passphrase, if you don’t want to set a passphrase just hit enter.
2. Secure your .ssh files
chmod 600 id_rsa.pub3. Copy the public key to your cloud server. You can do this by using the ssh-copy-id command. This command will append your public key to the authorized_keys file on the remote server, allowing you to log in using your private key. The syntax for the command is:
ssh-copy-id user@remote_hostYou’ll be prompted for the remote user’s password.
4. Now you have set up the public key on the remote server and can try logging into the server using your private key. Use the ssh command, specifying the private key file with the -i option:
ssh -i ~/.ssh/id_rsa user@remote_hostIf you get an error over here, see below section on Error.
5. If you want to disable password based authentication and only allow ssh key based authentication on the server. You can open the ssh daemon config file on the server usually it located at /etc/ssh/sshd_config. Find the line that starts with PasswordAuthentication and set its value to no , this will disable password based auth. Reload the ssh daemon for the changes to take effect.
sudo systemctl reload ssh6. It is also a good idea to restrict the users that are allowed to log in via ssh. You can do this by editing the file /etc/ssh/sshd_config, and specifying the allowed users in the AllowUsers directive. This will ensure that only the specified users can log in via ssh.
7. For additional security you should configure your firewall to only allow connections to the ssh port from the IP addresses that are trusted.
8. Finally, Remember to keep your private key file secure and backed up, since you'll need it to log into the server in the future.
By following these steps, you'll have successfully set up SSH key-based authentication between your laptop and your cloud Linux server. Please note that the above instructions are general and might vary depending on your specific setup, ssh daemon and OS version.
ERRORS
bogdan.tudorache@NLHFD-MB1010 .ssh % ssh-copy-id bogdant@159.223.219.84
/usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed: "/Users/bogdan.tudorache/.ssh/id_rsa.pub"
/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed - if you are prompted now it is to install the new keys
bogdant@159.223.219.84: Permission denied (publickey).The error message “Permission denied (publickey)” indicates that the server is configured to use public key authentication, but the client (your laptop) is not presenting a valid key that the server recognizes.
Here are a few things you can check:
- Ensure that the public key file is correctly located at
~/.ssh/id_rsa.pubon your laptop. - Make sure that the key pair was generated correctly on your laptop, by running
ssh-keygen -t rsaand providing a valid file path. - Ensure that the ssh-copy-id command is being executed with the correct user, host and path to the public key.
ssh-copy-id bogdant@159.223.219.844. Check that the remote server is running an ssh daemon, and that it is configured to allow key-based authentication
5. Make sure that the user “bogdant” on the remote server has the necessary permissions to log in via ssh.
6. you can check the permissions of the ~/.ssh directory and ~/.ssh/authorized_keys file of the remote server, they should be 700 and 600 respectively, otherwise you can correct them by running these command:
chmod 700 ~/.ssh
chmod 600 ~/.ssh/authorized_keys7. If none of the above worked, you might want to check that the public key is not already installed on the remote server, you can check that by running this command
cat ~/.ssh/authorized_keys8. If everything is in order and you still get an error, just copy your id_rsa.pub key into the server’s authorized_keys file.
9. If you still get an error probably the issue is with your firewall!
Bogdan Tudorache | Founder @ berrynews.org
If you like the article and would like to support me, make sure to:
👏 Clap for the story (50 Claps) to help this article be featured
🔔 Follow me
📰 Find more tech content in Tech & ML Articles
🔔 Connect w/ me: LinkedIn | Reddit
Source Hostinger
