How to Use Public Key Authentication with SSH {Step-by-Step Guide} (2024)

Introduction

Public key authentication is a secure method of logging in over SSH. Instead of a password, the procedure uses a cryptographic key pair for validation. Although using a strong password helps prevent brute force attacks, public key authentication provides cryptographic strength and automated passwordless logins.

This guide gives step-by-step instructions on how to implement public key authentication from scratch.

Prerequisites

  • Command line/terminal access with administrator privileges.
  • SSH enabled. Follow our guides to turn on SSH on Linux: Ubuntu 20.04, Debian 9 or 10.
  • A local and remote server.

Using SSH Key for authentication

The SSH public key authentication has four steps:

1. Generate a private and public key, known as the key pair. The private key stays on the local machine.

2. Add the corresponding public key to the server.

3. The server stores and marks the public key as approved.

4. The server allows access to anyone who proves the ownership of the corresponding private key.

The model assumes the private key is kept secure. Encrypting the private key with a passphrase adds a layer of security that is good enough for most interactive, user-based cases. For automation, where no one is present to type a passphrase, key management software and practices apply, since the private key is otherwise unprotected.

Generating SSH Key Pair

Generate the SSH key pair on the local server using OpenSSH. The basic instructions for Linux, macOS, and Windows are outlined below.

Note: For more detailed OS-specific tutorials, check out our in-depth guides:

  • How to Generate SSH Keys on Ubuntu 18.04.

Linux and macOS

1. Open the terminal (CTRL+ALT+T).

2. Check for existing keys with:

ls -l ~/.ssh/id*

If there are keys already, the output shows the directory contents.

Generating new keys overwrites the current ones by default. However, stating a new name for the keys saves them to different files.

If there are no existing keys, the output indicates the folder does not exist.

3. Create the directory using the mkdir command for storing the new key pair:

mkdir ~/.ssh

4. Change the permissions to 700:

chmod 700 ~/.ssh

5. The following command starts the key generator:

ssh-keygen

The output prints a message indicating that the command ran successfully. Next, the program asks where to save the file.

The default directory and file for key storage is /home/<username>/.ssh/id_rsa. If you have existing keys you want to keep, enter a new file name. Otherwise, press Enter to save in the default location. If any keys already exist in this location, the program overwrites the data.

6. Finally, enter a passphrase to secure the key. Press Enter and confirm the passphrase once more when requested. The passphrase is required any time you use the key for authentication.

7. Lastly, the program prints out information about where the keys are stored. The key fingerprint and its randomart image are printed to the console as well.

8. Confirm the keys are in the directory by checking the contents:

ls -l ~/.ssh/

The directory now contains two files:

  • id_rsa is the private key.
  • id_rsa.pub is the public key.

Windows

1. Use the Windows search box to find cmd and open the Command Prompt window.

2. In the prompt, type:

ssh-keygen

The command starts the program for generating the key pair.

Note: Command not working? Don't worry. There are other ways to generate the keys. Try following our detailed tutorial for generating an SSH key pair on Windows 10.

3. If you set up a specific location for the keys, type in the path now. Otherwise, press Enter to save the keys in the default path.

If keys exist in this location, the output asks to confirm the overwrite. Type Y to confirm and press Enter to continue the setup.

4. Enter the passphrase to encrypt the private key. Re-enter the same passphrase and press Enter to finish generating the key pair.

Configuring one or multiple SSH/SFTP Users for Your Key

After generating a key pair, the next step is to configure the server so that its SSH and SFTP users accept the key.

1. On the server machine, check if the ~/.ssh folder exists:

ls -l ~/.ssh/

If the directory is non-existent, create the folder:

mkdir ~/.ssh

Next, change the permissions with:

chmod 700 ~/.ssh

2. Create a file called authorized_keys in the ~/.ssh directory:

touch ~/.ssh/authorized_keys

Change the permissions:

chmod 600 ~/.ssh/authorized_keys

3. Next, open the authorized_keys file using a text editor. Copy the public key contents into the authorized_keys file. For multiple users and keys, copy each new key onto a new line. Save the file and close.

In Linux, use this command to copy the key automatically:

ssh-copy-id <username>@<host>

The output shows the number of keys automatically copied to the server along with further instructions.
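
The manual server-side steps above (create ~/.ssh with 700, create authorized_keys with 600, add one key per line) can be scripted so that they are safe to repeat. The following is an added example, not part of the original guide: the function names install_pubkey, audit_ssh_dir and mode_of are hypothetical, the key line is constructed, and the audit goes one step beyond the guide by flagging group- or world-writable modes, which sshd's default StrictModes setting rejects.

```shell
#!/bin/sh
# Added example, not from the original guide. Function names are hypothetical.

# Octal mode of a path (GNU stat first, BSD stat as fallback).
mode_of() { stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1"; }

# install_pubkey PUBKEY_FILE [SSH_DIR]
# Add one public key to SSH_DIR/authorized_keys exactly once, with the
# permissions from the guide: 700 on the directory, 600 on the file.
install_pubkey() {
    pub=$1
    dir=${2:-"$HOME/.ssh"}
    auth="$dir/authorized_keys"

    # A .pub file is one line: "<type> <base64> [comment]".
    line=$(grep -v '^[[:space:]]*$' "$pub" | head -n 1)
    read -r ktype blob _comment <<EOF
$line
EOF
    # Reject anything that is not a public key line, for example a private
    # key file picked by mistake (it starts with "-----BEGIN").
    case $ktype in
        ssh-ed25519|ssh-rsa|ecdsa-sha2-nistp256|ecdsa-sha2-nistp384|ecdsa-sha2-nistp521) ;;
        *) echo "not a public key: $pub" >&2; return 1 ;;
    esac
    case $blob in
        ''|*[!A-Za-z0-9+/=]*) echo "key data is not base64: $pub" >&2; return 1 ;;
    esac

    mkdir -p "$dir" && chmod 700 "$dir" || return 1
    touch "$auth" && chmod 600 "$auth" || return 1
    # Already authorised? Then leave the file untouched.
    if grep -qF -- "$ktype $blob" "$auth"; then return 0; fi
    # Keep entries on separate lines even if the file lacks a final newline.
    if [ -s "$auth" ] && [ -n "$(tail -c 1 "$auth")" ]; then echo >> "$auth"; fi
    printf '%s\n' "$line" >> "$auth"
}

# audit_ssh_dir [SSH_DIR]
# Flag group- or world-writable modes; returns 1 on any finding.
audit_ssh_dir() {
    dir=${1:-"$HOME/.ssh"}
    rc=0
    for p in "$dir" "$dir/authorized_keys"; do
        [ -e "$p" ] || continue
        m=$(mode_of "$p")
        case $m in
            *[2367]?|*[2367]) echo "too permissive: $p ($m)"; rc=1 ;;
        esac
    done
    return $rc
}

# Demo in a throwaway directory with a constructed (not real) key line.
demo=$(mktemp -d)
printf '%s\n' 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIConstructedSampleKeyNotReal demo@example' > "$demo/id.pub"
install_pubkey "$demo/id.pub" "$demo/.ssh" && audit_ssh_dir "$demo/.ssh" && echo "installed and clean"
rm -rf "$demo"
```

On a real server, run install_pubkey as the account that will log in, so that ~/.ssh and authorized_keys end up owned by that user.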

For transferring files via SSH, multiple solutions exist:

  • Use SSHFS for Linux, macOS, or Windows
  • Use RSync as an alternative for Linux.

Logging in

After generating and copying the keys, log into your server from the local machine using the following command:

ssh <username>@<host>

Note: If you do not specify a username, SSH uses the currently logged in user.

The command brings up a prompt for the private key passphrase. Enter the passphrase to unlock the key.

Once verified, the command logs you into the server via SSH.

Why should you use Public Key Authentication with SSH?

Public key authentication is a safer and recommended way to connect with SSH instead of a regular password login.

Some benefits are:

  • The SSH key pair is harder to hack. Since most SSH keys are at least 1024 bits long, which is equivalent to a password with 12 characters, the connection is secure. To improve security even further, increase the number of bits when generating the keys.
  • The contents of the keys are generated using a computer algorithm, making them harder to predict.
  • Only the machine where the private key resides has access.
  • Public key authentication never shows the contents of the private key to the server. In case of server compromise, the local machine stays safe.
  • An added password to the private key adds multi-factor authentication.

Conclusion

At the end of this tutorial, you should have set up public key authentication for SSH. Whether you're accessing a remote server via SSH or using SFTP to transfer files between two locations, the key pair provides additional security.

For further details about SSH, read about the 5 Linux SSH Security Best Practices to Secure Your Systems.

FAQs

How to Use Public Key Authentication with SSH {Step-by-Step Guide}? ›

On your computer, in the PuTTYgen utility, copy the contents of the public key (displayed in the area under "Key") onto your Clipboard. Then, on the remote system, use your favorite text editor to paste it onto a new line in your ~/.ssh/authorized_keys file, and then save and close the file.

How public key is used for authentication? ›

When keys are used for authentication, the party being authenticated creates a digital signature using the private key of a public/private key pair. The recipient must use the corresponding public key to verify the authenticity of the digital signature.

How to connect SSH with public key PuTTY? ›

The example used is for putty version 0.79.
  1. Launch PuTTY but do not connect to a remote system.
  2. In the Category window, browse to Connection>Data.
  3. Set the Auto-login username to the remote SSH username. ...
  4. Browse to Connection>SSH>Auth>Credentials. ...
  5. Test key-based authentication. ...
  6. Select Open to test the session.

How to use public key authentication with your SFTP client? ›

The setup process requires only four major steps:
  1. Create a .ssh directory on the client machine.
  2. Generate the private/public key pair in that client .ssh directory.
  3. Create a .ssh directory on the server machine.
  4. Copy the public key from the client's .ssh directory to the server's .ssh directory.

How to validate a public key? ›

In certain special cases (e.g. a Program Derived Address), public keys may not have a private key associated with them. You can check this by looking to see if the public key lies on the ed25519 curve. Only public keys that lie on the curve can be controlled by users with wallets.

How to login to server using ssh key? ›

Once your SSH key pair is generated, you need to place the public key on the server.
  1. Use the command `ssh-copy-id user@your_server_ip` to copy the public key. Replace `user` with your username and `your_server_ip` with your server's IP address.
  2. Enter your password when prompted.

What are the 5 steps to public key encryption? ›

Public key encryption
  • Step 1: Key generation. Each person (or their computer) must generate a pair of keys that identifies them: a private key and a public key. ...
  • Step 2: Key exchange. ...
  • Step 3: Encryption. ...
  • Step 4: Sending encrypted data. ...
  • Step 5: Decryption.

How to generate a SSH public key? ›

Generate an SSH Key Pair
  1. Run the ssh-keygen command. You can use the -t option to specify the type of key to create. ...
  2. The command prompts you to enter the path to the file in which you want to save the key. ...
  3. The command prompts you to enter a passphrase. ...
  4. When prompted, enter the passphrase again to confirm it.

How to validate access token using public key? ›

What to check when validating an access token
  1. Retrieve your Okta JSON Web Keys (JWK) , which your app should check periodically and cache.
  2. Decode the access token, which is in JSON Web Token (JWT) format.
  3. Verify the signature used to sign the access token.
  4. Verify the claims found inside the access token.

How to add SSH public key to a server? ›

Copying Public Keys to Remote Servers
  1. Copy the contents of the public key file, typically $HOME/.ssh/id_rsa. ...
  2. Ensure that the permissions of $HOME/.ssh and $HOME/. ...
  3. On the remote system, output the ~/.ssh/authorized_keys file: cat .ssh/authorized_keys.
  4. Note whether the key entry is included in the output.

How to add public key to SSH agent? ›

Adding SSH Key to SSH Agent
  1. Check if SSH Agent is running. eval "$(ssh-agent -s)"
  2. Add the Keys to SSH Agent. ssh-add ~/.ssh/nameofkey.
  3. Verify Keys Added to SSH Agent. ssh-add -l.
  4. Copy Key to Remote Server. ssh-copy-id user@remote.server.location.
  5. Copy Server Key to Host. ssh-copy-id user@host.local.

How to connect SSH with public key Windows? ›

For Windows 10 & 11
  1. Press the Windows key or open up the Start Menu. Type “cmd”.
  2. Under “Best Match”, click “Command Prompt”.
  3. In the command prompt, use the ssh-keygen command: ...
  4. The system will now generate the key pair and display the key fingerprint and a randomart image. ...
  5. Open your file explorer.

How does SSH public key authentication work? ›

How do SSH keys work? The SSH key pair is used to authenticate the identity of a user or process that wants to access a remote system using the SSH protocol. The public key is used by both the user and the remote server to encrypt messages. On the remote server side, it is saved in a public key file.

Can public key be used for authentication? ›

The motivation for using public key authentication over simple passwords is security. Public key authentication provides cryptographic strength that even extremely long passwords can not offer.

How does SSH allow users to authenticate servers? ›

In an SSH connection, both sides have a public/private key pair, and each side authenticates the other using these keys. This differentiates SSH from HTTPS, which in most implementations only verifies the identity of the web server in a client-server connection.

How to generate SSH key for authentication? ›

Generating a new SSH key
  1. Open Terminal .
  2. Paste the text below, replacing the email used in the example with your GitHub email address. ssh-keygen -t ed25519 -C "your_email@example.com" ...
  3. At the prompt, type a secure passphrase. For more information, see "Working with SSH key passphrases."

How do I enable password authentication with SSH? ›

Configure password-based SSH authentication
  1. Log in to the server console as the bitnami user.
  2. Edit the /etc/ssh/sshd_config and modify or add the following line: PasswordAuthentication yes.
  3. Restart the SSH server for the new configuration to take effect: sudo /etc/init.d/ssh force-reload sudo /etc/init.d/ssh restart.

How do I get my SSH public key? ›

Command Prompt (for Windows 10 only)
  1. Open Command Prompt or Windows PowerShell.
  2. Issue the command: ssh-keygen.
  3. To view public key, navigate to C:\Users\<username>/.ssh/id_rsa.pub (see image below) or execute this command in the command prompt: more C:\Users\<username>/.ssh/id_rsa.pub.

How do I get a public SSH key fingerprint? ›

In the command prompt, use the ssh-keygen command: By default, the system will save the keys to [your home directory]/.ssh/id_rsa. Unless you are an expert you should use the default option and press Enter. The system will now generate the key pair and display the key fingerprint and a randomart image.

Article information

Author: Kimberely Baumbach CPA
