SSH Key-Based Authentication

Let's take a look at how to set up SSH key-based authentication on Linux. The process is similar when the source is a Windows machine (a recent Windows version with SSH) and the destination is a Linux server.

Step 1: Generate the SSH Key

First, let’s generate an SSH key from the source machine. Open a terminal and enter the following command:

ssh-keygen

After running the command, you will see output similar to the following:

Generating public/private rsa key pair.
Enter file in which to save the key (/home/emlin/.ssh/id_rsa): 
Enter passphrase (empty for no passphrase): 
Enter same passphrase again: 
Your identification has been saved in /home/emlin/.ssh/id_rsa
Your public key has been saved in /home/emlin/.ssh/id_rsa.pub
The key fingerprint is...

In this example, I chose to leave the passphrase blank and saved the key to the default /home/emlin/.ssh/... path by simply pressing Enter.

(Note: If you set a passphrase on the key, you will be prompted for it every time the key is used to authenticate, which might cause issues with scripting. Also note that without a passphrase on the key, anyone with access to the private key file can use it to authenticate to the server.)

Step 2: Copy the Public Key

Next, let’s copy the public key from the source machine to the server. Use the following command, replacing <user> with the user you want to authenticate as, and <ip/hostname> with the server’s IP address or hostname:

ssh-copy-id <user>@<ip/hostname>

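When you run the command, you will see output similar to the following. The host key prompt appears when the server is not yet in your known_hosts file; check that the fingerprint shown matches the server's host key, then type “yes” and press Enter: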

/usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed: "/home/emlin/.ssh/id_rsa.pub"
The authenticity of host '<ip/hostname> (<ip/hostname>)' can't be established.
ED25519 key fingerprint is SHA256:...
This key is not known by any other names
Are you sure you want to continue connecting (yes/no/[fingerprint])? yes

Enter the password for the destination user when prompted:

/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
<user>@<ip/hostname>'s password: 

You should see the following upon successful completion:

Number of key(s) added: 1

Now try logging into the machine, with:   "ssh '<user>@<ip/hostname>'"
and check to make sure that only the key(s) you wanted were added.

Step 3: Testing

To verify that the setup is working correctly, you can now use the following command on the source machine to log in to the destination server using the SSH key we just set up:

ssh <user>@<ip/hostname>
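
The note in Step 1 points out that a key without a passphrase can be used by anyone who can read the file. The script below is an added example, not part of the original article: it audits a .ssh directory for passphrase-less private keys and for file modes that the ssh client or sshd reject. The function names and the demo key file are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original article. The function names are
# hypothetical; assumes Linux `stat -c` plus base64, dd, sed and grep.

# Succeeds if private key file $1 is stored without a passphrase.
key_is_unencrypted() {
    if grep -q 'BEGIN OPENSSH PRIVATE KEY' "$1"; then
        # Decoded layout: "openssh-key-v1\0" (15 bytes), uint32 length,
        # cipher name. The cipher name is "none" for an unencrypted key.
        cipher=$(sed '/^-----/d' "$1" | base64 -d 2>/dev/null |
                 dd bs=1 skip=19 count=4 2>/dev/null)
        [ "$cipher" = "none" ]
    else
        # Legacy PEM keys carry the word ENCRYPTED in their header lines.
        ! grep -q 'ENCRYPTED' "$1"
    fi
}

# Print one finding per line for directory $1; status 1 if any were found.
audit_ssh_dir() {
    dir=$1; findings=0
    # sshd (StrictModes, the default) ignores keys if these are group/world-writable.
    for p in "$dir" "$dir/authorized_keys"; do
        [ -e "$p" ] || continue
        mode=$(stat -c '%a' "$p")
        [ $(( 0$mode & 022 )) -eq 0 ] || { echo "WRITABLE $p $mode"; findings=1; }
    done
    for f in "$dir"/*; do
        [ -f "$f" ] && grep -q 'PRIVATE KEY-----' "$f" 2>/dev/null || continue
        mode=$(stat -c '%a' "$f")
        # The ssh client refuses a private key accessible by group or others.
        [ $(( 0$mode & 077 )) -eq 0 ] || { echo "TOO_OPEN $f $mode"; findings=1; }
        if key_is_unencrypted "$f"; then echo "NO_PASSPHRASE $f"; findings=1; fi
    done
    [ "$findings" -eq 0 ]
}

# Constructed sample: a fake key file holding only an unencrypted header.
make_demo_dir() {
    d=$(mktemp -d) && chmod 700 "$d"
    { printf '%s\n' '-----BEGIN OPENSSH PRIVATE KEY-----'
      printf 'openssh-key-v1\000\000\000\000\004none\000\000\000\004none' | base64
      printf '%s\n' '-----END OPENSSH PRIVATE KEY-----'; } > "$d/id_demo"
    chmod 644 "$d/id_demo"
    echo "$d"
}

demo_dir=$(make_demo_dir)
audit_ssh_dir "$demo_dir" || echo "findings above need attention"
rm -rf "$demo_dir"
```

To audit real accounts, call audit_ssh_dir with the path of the .ssh directory on the source machine and on the server.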