Public/private key authentication using SSH

Secure Shell (SSH) is a fundamental tool for administering servers. Using public/private key authentication greatly improves security over traditional passwords. This introduction outlines the benefits of key-based login and prepares you for the setup steps that follow.

If your home directory does not have a .ssh directory, start by creating one:

mkdir -p $HOME/.ssh

Set the permissions on it so that only you can see what’s in it and read from it:

chmod 0700 $HOME/.ssh

Generating your private/public keypair requires the use of the ssh-keygen command:

ssh-keygen -t rsa

ssh-keygen then prompts for the location and name of the key pair. It offers a sensible default ($HOME/.ssh/id_rsa), and unless you already have a key pair stored at that location I recommend accepting the default. ssh-keygen also asks whether you want to set a passphrase for your key; this is highly recommended in order to strengthen security. Example key generation:

Generating public/private rsa key pair.
Enter file in which to save the key (/Users/sshuser/.ssh/id_rsa):
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /Users/sshuser/.ssh/id_rsa.
Your public key has been saved in /Users/sshuser/.ssh/id_rsa.pub.
The key fingerprint is:
40:de:ad:be:ef:ca:fe:ba:be:b0:a1:c2:fa:83:b2:a3 sshuser@workmachine
The key's randomart image is:
+--[ RSA 2048]----+
| oo    ......     |
|.oo  .. .ooo     |
|o .o. . .o  .    |
| o ...+o.        |
|  o .=.=S        |
| .  .Eo .        |
|                 |
|                 |
|                 |
+-----------------+

Once the keys are generated, you will have two new files in the $HOME/.ssh/ directory:

  • $HOME/.ssh/id_rsa - contains your private key.
  • $HOME/.ssh/id_rsa.pub - contains your public key.

The private key must be carefully protected (even if you have set a password).

In order to use your key pair to log in to remote servers, you need to transfer the public key to your existing account on the server. You can use either scp to copy the file directly or use ssh-copy-id:

Now that the keys are uploaded, you can connect to the server in the usual way:

If you have taken care to password-protect your key file, you will be asked for the passphrase, and then you are logged in.

SSH emerged in the mid-1990s as a secure alternative to Telnet and rlogin. Its adoption skyrocketed because it encrypts traffic, preventing eavesdropping. Public key authentication quickly became the gold standard, ensuring that only authorized users gain access to servers.

Key pairs eliminate the need to remember complex passwords and reduce the risk of brute-force attacks. However, if you lose control of your private key or fail to protect it with a passphrase, unauthorized users could gain access. Regularly rotate keys and store them securely.

  1. Use a strong passphrase when generating your private key.
  2. Keep a backup of your key in a secure, offline location.
  3. Disable password authentication on your server once key-based login works reliably.

Permissions on the .ssh directory and its files are critical. If they are too open, ssh will refuse to use your keys. Ensure the directory is 700 and private keys are 600 to avoid frustration.
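The chmod step earlier and the permission rule above can be checked mechanically. The following script is an added example, not part of the original article; it assumes only POSIX sh with ls, cut and chmod, and takes the key directory as its argument. It reports anything group- or world-accessible and can apply the recommended modes.

```shell
#!/bin/sh
# Added example (not from the original article): audit the permission bits
# that ssh cares about in a key directory, and optionally correct them.

# Group and other bits of the mode string, e.g. "------" for 0700 or 0600.
group_other_bits() {
    ls -ld "$1" | cut -c5-10
}

# Audit DIR: the directory must be 0700 and every private key (any regular
# file whose name does not end in .pub) must be 0600. Prints one line per
# problem and returns the number of problems found (0 means all good).
ssh_perm_audit() {
    dir=$1
    problems=0
    if [ "$(group_other_bits "$dir")" != "------" ]; then
        echo "WARN: $dir is group/world accessible; expected mode 0700"
        problems=$((problems + 1))
    fi
    for f in "$dir"/*; do
        [ -f "$f" ] || continue
        case "$f" in *.pub) continue ;; esac
        if [ "$(group_other_bits "$f")" != "------" ]; then
            echo "WARN: $f is group/world readable; expected mode 0600"
            problems=$((problems + 1))
        fi
    done
    return "$problems"
}

# Apply the settings the article recommends: 0700 on the directory, 0600 on
# private keys, 0644 on the public halves (those are meant to be shared).
ssh_perm_fix() {
    dir=$1
    chmod 0700 "$dir"
    for f in "$dir"/*; do
        [ -f "$f" ] || continue
        case "$f" in
            *.pub) chmod 0644 "$f" ;;
            *)     chmod 0600 "$f" ;;
        esac
    done
}

# Stand-alone use: sh ssh_perm_audit.sh "$HOME/.ssh"
if [ -n "${1:-}" ]; then
    ssh_perm_audit "$1"
fi
```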

Public/private key authentication offers a powerful defense against unauthorized access. By understanding the history and following these best practices, you’ll secure your servers while streamlining the login process.

Large organizations often automate key distribution using configuration management tools. This ensures consistency across servers and avoids manual errors. Even for small setups, scripts can simplify key rotation and prevent stale keys from lingering on systems.

Learning to use public and private keys effectively is a rite of passage for system administrators. Embrace best practices early, and you’ll reap the rewards of secure, streamlined access for years to come.