Create SSH Key Authentication Between Nodes
Category : How-to
Secure key authentication is one of the more secure ways to grant users access to a Linux server. The standard password authentication which is usually used to login to a server is replaced with an SSH key which is presented when authenticating. This increases security as passwords can eventually be cracked using brute force or even guessed in some circumstances. SSH keys are impossible to guess and almost impossible to to hack using brute force due to their length and complexity.
A SSH key is actually two strings of characters – one which is private and is used to connect to the server and another which is public which sits on the server itself.
Run the below command to create the key pair on the client machine.
ssh-keygen -t rsa
Accept the default location to save the key which will be inside the current users home directory:
Enter file in which to save the key (/home/james/.ssh/id_rsa):
For additional security, you can add a passhrase to the private key. This means the key cannot be used without the passphrase which increases the security of the key itself. Simply press return if you do not wish to use a passphrase.
Note: if you are using the key for applications to gain access to other servers, it’s unlikely that a passphrase will be supported.
Enter passphrase (empty for no passphrase): Your identification has been saved in /home/james/.ssh/id_rsa Your public key has been saved in /home/james/.ssh/id_rsa.pub. The key fingerprint is: 46:ba:02:fd:2f:9c:b9:39:ec:6c:90:50:d8:ec:7b:00 [email protected] The key's randomart image is: +--[ RSA 2048]----+ | + | | E + | | + . | | ..o o | | ...+. S | | .+..o | | .=oo | | oOo | | o=+. | +-----------------+
The two keys have been created;
- Private: /home/james/.ssh/id_rsa
- Public: /home/james/.ssh/id_rsa.pub
The final step is to copy the public key to the machine which you are going to connect to. In Debian or Ubuntu you can use the ssh-copy-id – you will need to change [USER] for the user who you will connect to the remote machine as and [SERVER] to the hostname or IP address of the remote server you will connect to.
Not all Linux distributions will contain the required ssh-copy-id utility, many CentOS/ Red Hat distributions do not for example, so you will need to use the manual method. Again, you will need to substitute the [USER] and [SERVER] attributes to the details of your remote machine.
cat /home/james/.ssh/id_rsa.pub | ssh [USER]@[SERVER] "cat >> ~/.ssh/authorized_keys"
It is not always recommended for security reasons but you can copy this public key to multiple machines so that you can use the same private key to connect to multiple remote machines.