Now you can to configure and connect to a remote system using SSH key pairs.
The system now no longer allows password authentication for logins. Restart the SSH service by entering the following: sudo systemctl restart ssh Find and modify the following lines to look as follows: PasswordAuthentication noĤ. Next, edit the sshd_config file in a text editor of your choice (we are using nano): sudo nano /etc/ssh/sshd_configģ. This username should have sudo privileges.Ģ. Start by logging into the remote server: ssh
You are logging into the server with a sudo user account.ġ.You can log into the server without a password (such as using an SSH connection with a key pair, detailed in this article).It prevents brute-force attacks against attempting to log in to the server.īefore continuing, double-check to make sure: You just give it the remote address and it adds your public key to the authorizedkeys file on the remote machine: ssh-copy-id. Step 5: Disable Password Authentication (Optional)ĭisabling password authentication is a security precaution. OpenSSH comes with a command to do this, ssh-copy-id. 1: Create and save the SSH key files Issue the ssh-keygen command see the example below: testdemo: ssh-keygen -t rsa -b 4096 Generating public/private rsa. You should now have an SSH connection to the remote server. If you set a passphrase during Step 2, enter it when prompted. The system may display that the authenticity of the host can’t be established. From the client system, open a terminal window and enter the following: ssh Ģ. If you’re using the root Debian user account on the server, the directory owner must be set to the user account that will be logging in remotely to the server: sudo chown -R user:user ~/.ssh Step 4: Log in Remotely Using SSHġ. Set the correct permissions for the new directory: sudo chmod -R go= ~/.sshħ. Replace ssh_public_key with the actual public key displayed by the cat command.Ħ. Next, add the public key to the authorized_keys file by entering the following: sudo echo ssh_public_key > ~/.ssh/authorized_keys Note: If the ~/.ssh directory already exists, the command will exit without making changes.ĥ.