Set Up SSH Keys for Secure Server Access
Streamlining Server Access: A Step-by-Step Guide to Setting Up SSH Keys
Secure Shell (SSH) keys offer a more secure way of logging into a server with SSH than using a password alone. While a password can eventually be cracked with enough time and computing power, SSH keys are nearly impossible to decipher by brute force alone. This post will guide you through generating an SSH key pair, copying the public key to your server, setting the correct permissions, and troubleshooting common issues.
Generate SSH Key Pair: Open a terminal on your local machine. Run the following command to generate a pair of SSH keys:
ssh-keygen -t rsa -b 4096 -C "your_email@example.com"
This command generates a new RSA SSH key pair with a 4096-bit key length. Replace "your_email@example.com" with your actual email address. When prompted, you can choose the default file location (usually ~/.ssh/id_rsa) or specify a different location.
Copy Public Key to Server: Once the keys are generated, you need to copy the public key to the server you want to connect to. Use the ssh-copy-id command:
ssh-copy-id shaza@125.22.33.33
Replace shaza with your actual username on the server and 125.22.33.33 with the server's IP address or domain name. If ssh-copy-id is not available, manually append the contents of your public key (~/.ssh/id_rsa.pub) to the authorized_keys file on the server.
Set Appropriate Permissions on Server: Ensure that the permissions on the ~/.ssh directory and ~/.ssh/authorized_keys file on the server are set correctly. Run the following command:
ssh shaza@125.22.33.33 "chmod 700 ~/.ssh && chmod 600 ~/.ssh/authorized_keys"
This command sets the correct permissions on the server's .ssh directory and authorized_keys file.
Test SSH Key-Based Authentication: Once the public key is copied and permissions are set, test SSH key-based authentication by attempting to SSH into the server:
ssh shaza@125.22.33.33
If everything is set up correctly, you should be able to log in without entering a password.
In summary, the SSH key pair (id_rsa and id_rsa.pub) is typically saved in the .ssh directory within your home directory (~). The private key (id_rsa) should be kept secure and not shared with anyone, while the public key (id_rsa.pub) can be distributed to servers for authentication.
Troubleshoot Common Issues:
chmod 600 ~/.ssh/authorized_keys
chmod: cannot access '/home/shaza/.ssh/authorized_keys': No such file or directory
If you're receiving a "No such file or directory" error when running the chmod command on ~/.ssh/authorized_keys, it likely means that the authorized_keys file does not exist in the .ssh directory.
Here's what you can do to resolve this issue:
Check if the .ssh directory exists: First, confirm whether the .ssh directory exists in your home directory. You can use the ls command with the -a option to show all files, including hidden ones:
ls -a ~/.ssh
If the directory does not exist, you need to create it:
mkdir ~/.ssh
Create authorized_keys file: If the .ssh directory exists but the authorized_keys file is missing, you can create it:
touch ~/.ssh/authorized_keys
Set appropriate permissions: Once the authorized_keys file is created, you can set the correct permissions using the chmod command:
chmod 600 ~/.ssh/authorized_keys
This command ensures that only the owner (you) has read and write permissions on the authorized_keys file.
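The manual append (for when ssh-copy-id is not available) and the troubleshooting steps above can be combined into one script that is safe to run repeatedly on the server. This is an added example, not part of the original post; install_pubkey, demo_install and the optional directory argument are hypothetical names, and the key used in the demo is constructed.

```shell
#!/bin/sh
# install_pubkey PUBKEY_FILE [SSH_DIR]
# Adds one public key to authorized_keys, creating ~/.ssh and the file if
# they are missing and applying the modes used in this guide (700 / 600).
# The function name and the optional SSH_DIR argument are hypothetical.
install_pubkey() {
    pubkey_file=$1
    ssh_dir=${2:-"$HOME/.ssh"}
    auth_file="$ssh_dir/authorized_keys"

    [ -r "$pubkey_file" ] || { echo "cannot read $pubkey_file" >&2; return 1; }
    # Catch the mistake of passing id_rsa instead of id_rsa.pub.
    if grep -q 'PRIVATE KEY' "$pubkey_file"; then
        echo "refusing: $pubkey_file looks like a private key" >&2
        return 2
    fi
    # Take the first line that looks like an OpenSSH public key.
    key_line=$(grep -E '^(ssh-(rsa|ed25519)|ecdsa-sha2-[a-z0-9]+) ' "$pubkey_file" | head -n 1)
    [ -n "$key_line" ] || { echo "no public key in $pubkey_file" >&2; return 3; }

    # Covers the "No such file or directory" case from the troubleshooting steps.
    mkdir -p "$ssh_dir" || return 4
    chmod 700 "$ssh_dir" || return 4
    [ -e "$auth_file" ] || (umask 077; : > "$auth_file") || return 4
    chmod 600 "$auth_file" || return 4

    # Already installed: do nothing, so re-running never duplicates the key.
    if grep -qxF -- "$key_line" "$auth_file"; then
        return 0
    fi
    # If the last line has no trailing newline, add one so the new key
    # does not get glued onto the previous entry.
    if [ -s "$auth_file" ] && [ -n "$(tail -c 1 "$auth_file")" ]; then
        printf '\n' >> "$auth_file"
    fi
    printf '%s\n' "$key_line" >> "$auth_file"
}

# Demo against a throwaway directory with a constructed (not real) key.
demo_install() {
    tmp=$(mktemp -d) || return 1
    echo 'ssh-rsa AAAAB3NzaC1yc2EXAMPLEONLY your_email@example.com' > "$tmp/id_rsa.pub"
    install_pubkey "$tmp/id_rsa.pub" "$tmp/.ssh" &&
    install_pubkey "$tmp/id_rsa.pub" "$tmp/.ssh" &&
    grep -c '' "$tmp/.ssh/authorized_keys"
    rm -rf "$tmp"
}
```

Calling demo_install prints the number of lines in the resulting authorized_keys file, which stays at 1 even though the key is installed twice.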