Secure Shell (SSH) is the de facto standard for accessing remote Linux machines. SSH long ago replaced telnet to add a much-needed layer of security for remote logins.
However, that doesn’t mean that the default SSH configuration is the best option for those who are a little more concerned about the security of their systems. By default, SSH works with traditional user and password logins. And while these logins are far more secure than Telnet, you’re still typing a password and sending it over the Internet.
Should someone intercept this password, they could access your machines (as long as they also knew your username).
There’s a much better way: SSH key authentication. With key authentication, you bypass username and password authentication and replace them with a key pair. Why is that important? The main security benefit is that the only way to access these servers (when properly configured for SSH key authentication) is to have the matching key pair.
This is how it works:
You generate an SSH key.
You upload the public key to a remote server.
You configure SSH to only allow key authentication.
You log in from a desktop that contains the private key that matches the public key on the server.
Once configured correctly, you will only be able to access the server remotely if you have the appropriate private key. Without this key you will not get access. As long as you keep this private key secret, everything is fine.
But how do you do that? Let me show you.
To set up SSH key authentication, you need at least two Linux computers, one to log in from and one to log in to. I’m demonstrating using Pop!_OS as the desktop and Ubuntu Server as the remote server. However, this should work the same on almost any Linux distribution. You also need a user with sudo privileges. You should also make sure you have the same username on the local and remote computers.
That’s it. Let’s do some SSH magic.
How to set up SSH key authentication in Linux for more secure logins
How to configure the remote server for SSH key authentication
After copying your key, log in to the remote computer. What we are going to do now is configure the SSH server to only allow connections that use SSH key authentication. One thing to note before doing this is that once configured, access will only be granted to people with SSH key authentication set up on the machine. Because of this, you should make sure you’ve copied SSH keys from any desktop computers you use to log into the remote server.
With that done, open the SSH daemon configuration file on the remote server with the following command:
sudo nano /etc/ssh/sshd_config
In this file look for the line:
Change this line to:
Save and close the file. Restart SSH with:
sudo systemctl restart sshd
Now the only way to successfully access this computer is through SSH key authentication. Any computer that does not have a matching key pair will be denied access.
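A way to confirm that claim, as an added example that is not part of the original article: the script below reads an sshd_config-style file and reports whether password logins are really off, taking into account that sshd keeps the first value it reads for each keyword. The directive names PasswordAuthentication, KbdInteractiveAuthentication and PubkeyAuthentication are standard OpenSSH settings assumed here, and the function names and sample files are constructed for the example.

```shell
#!/bin/sh
# sshd uses the FIRST value it reads for a keyword, so a later
# "PasswordAuthentication no" cannot override an earlier "yes".
# On the server itself, "sudo sshd -t" checks the file for errors before the
# restart and "sudo sshd -T" prints the effective settings, Include files too.

# effective_value FILE KEYWORD DEFAULT
# Prints the first global value of KEYWORD (lowercased), else DEFAULT.
# Handles the whitespace-separated "Keyword value" form only.
effective_value() {
    awk -v want="$(printf '%s' "$2" | tr '[:upper:]' '[:lower:]')" -v def="$3" '
        NF == 0 || $1 ~ /^#/ { next }        # skip blank lines and comments
        { key = tolower($1) }
        key == "match" { exit }              # Match blocks are conditional
        key == want { print tolower($2); found = 1; exit }
        END { if (!found) print def }
    ' "$1"
}

# key_only FILE: succeeds only if password prompts are off and keys are on.
# The third argument is the OpenSSH default used when the keyword is absent.
key_only() {
    [ "$(effective_value "$1" PasswordAuthentication yes)" = "no" ] &&
    [ "$(effective_value "$1" KbdInteractiveAuthentication yes)" = "no" ] &&
    [ "$(effective_value "$1" PubkeyAuthentication yes)" = "yes" ]
}

# Constructed sample configs, not taken from a real server.
demo_dir=$(mktemp -d)
cat > "$demo_dir/shadowed.conf" <<'EOF'
PasswordAuthentication yes
KbdInteractiveAuthentication no
# added at the bottom later, but the "yes" above is read first
PasswordAuthentication no
EOF
cat > "$demo_dir/hardened.conf" <<'EOF'
passwordauthentication no
KbdInteractiveAuthentication no
Match User deploy
    AllowTcpForwarding no
EOF

for f in "$demo_dir"/shadowed.conf "$demo_dir"/hardened.conf; do
    if key_only "$f"; then echo "$(basename "$f"): key-only"
    else echo "$(basename "$f"): password logins still possible"; fi
done
```

The script does not follow Include lines, so on a live server treat the output of sshd -T as authoritative and keep an existing session open until a key login from a second terminal has succeeded.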
Congratulations, you’ve just added another layer of security to your Linux servers.