RSA keys not only provide more robust authentication than passwords (a password can be broken with time, luck and/or a hypothetical hammer) but can also make life a lot easier by removing the need to type a password on every login. This, obviously, assumes that the client computer won’t fall into the wrong hands.
This guide will run through the process of generating a client RSA key set, adding the public key to your Linux server and finally removing the ability to log in with a password. This will be demonstrated through the CLI.
From your client computer, generate RSA keys
ssh-keygen -t rsa
When asked for the file in which to save the key, I chose the default, /Users/Jonny/.ssh/id_rsa
You will then be prompted for a passphrase. I chose not to use one
Enter passphrase (empty for no passphrase):
Show the public key that has just been generated
cat /Users/Jonny/.ssh/id_rsa.pub
Copy this key
Log in to your server in the normal way
ssh [email protected]
Create an ssh directory in your home location
mkdir .ssh
Create a file for authorised keys
nano .ssh/authorized_keys
Paste your key in this file. Press ctrl + x to save.
Optional: Remove the ability to log in with a password
Assume root privileges
su
Open the ssh config file in an editor
nano /etc/ssh/sshd_config
Find the following line
#PasswordAuthentication yes
Change it to
PasswordAuthentication no
Press ctrl + x to save and exit
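An added example, not part of the original guide: a small shell check of which PasswordAuthentication value a config file actually yields, since a line that still starts with # has no effect and sshd uses the first value it reads for a keyword. The function names and the sample files are made up for illustration, and Include directives are not followed.

```shell
#!/bin/sh
# Added example (not from the original guide): report the value sshd would use
# for a keyword in the global section of an sshd_config-style file.
# sshd keeps the FIRST value it reads for a keyword; keywords are
# case-insensitive. Simplification: Include directives are not followed.

effective_value() {            # usage: effective_value <keyword> <file>
    awk -v want="$1" '
        BEGIN { want = tolower(want) }
        NF == 0 || $1 ~ /^#/   { next }   # blank line or comment: no effect
        tolower($1) == "match" { exit }   # conditional blocks start here
        tolower($1) == want    { print tolower($2); exit }   # first one wins
    ' "$2"
}

password_login_disabled() {    # usage: password_login_disabled <file>
    # An unset keyword falls back to the built-in default, which is "yes".
    [ "$(effective_value PasswordAuthentication "$1")" = "no" ]
}

# Constructed sample files, written to a temporary directory.
SAMPLES=$(mktemp -d)
printf '%s\n' 'Port 22' '#PasswordAuthentication yes' > "$SAMPLES/stock"
printf '%s\n' 'Port 22' 'PasswordAuthentication no'   > "$SAMPLES/edited"
printf '%s\n' 'passwordauthentication yes' 'PasswordAuthentication no' \
    > "$SAMPLES/duplicate"

for f in stock edited duplicate; do
    if password_login_disabled "$SAMPLES/$f"; then
        echo "$f: password login disabled"
    else
        echo "$f: password login still ENABLED"
    fi
done
```

sshd reads its config file at startup, so an edit only takes effect once the daemon is restarted or reloaded. On a live server, running sshd -T as root prints the effective settings, including anything pulled in through Include.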
Optional: Change RSA passphrase
On the client computer type
ssh-keygen -p
You will be asked for the current and new passphrase
All done! Now you can log in without a password!