Setting Up Key-Based Authentication for Secure Server Access.

Key-based authentication, also referred to as public key authentication, stands out as a highly secure approach to server access when compared to the conventional password-based method. In key-based authentication, cryptographic keys replace passwords for the authentication process. This involves logging in through a pair of cryptographic keys: a public key (known to the server) and a private key (known exclusively to you). The public key is stored on the server, while the private key is securely maintained on your local machine. This method adds an extra layer of security by leveraging a unique pair of keys for a more robust and reliable authentication mechanism.

Here is a step-by-step guide to set up key-based authentication on a server:

Generate SSH Key Pair

For Linux based system:

Open a terminal on your local machine (the computer you will connect from).

Use the following command to generate an SSH key pair:

ssh-keygen -t rsa -b 4096 -C "your_email@example.com"

Replace "your_email@example.com" with your actual email address.

You will be prompted to enter the file path to save the key. Press Enter to accept the default.

Optionally, you can set a passphrase for an extra layer of security.

This generates two files in ~/.ssh/ (the default path): the public key in ~/.ssh/id_rsa.pub and the private key in ~/.ssh/id_rsa.

The private key at ~/.ssh/id_rsa must never be shared or copied to a server. Only the corresponding public key at ~/.ssh/id_rsa.pub is the file you distribute.

Install the public key on your remote server:

Copy your public key to the remote server using the following command (it is run from your local machine and logs in once with your password to append the key):

ssh-copy-id username@server_ip

Replace username and server_ip with your server's username and IP address.

You will be prompted to enter your server password.

If ssh-copy-id is not available on your system, you can manually copy the public key:

On your local machine, print out the public key and copy the contents:

cat ~/.ssh/id_rsa.pub

And on your remote server, paste the public key into the authorized keys file:

nano ~/.ssh/authorized_keys

After pasting the key on a line of its own, save and exit.
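As an added example (not part of the original guide), the shell function below does what the manual copy step above does, but with the checks a careful administrator wants: it refuses anything that is not an OpenSSH public key line (for instance a private key pasted by mistake), it appends the key only once so repeated runs do not pile up duplicates, and it leaves ~/.ssh and authorized_keys with the permissions sshd requires. The function names and the sample key line are this example's own; the key material in SAMPLE_KEY is a constructed placeholder, not a real key.

```shell
#!/bin/sh
# Added example: install a public key line into a user's authorized_keys file
# with format validation, de-duplication and correct permissions.
# Hypothetical function names; SAMPLE_KEY is a constructed placeholder.

# Usage: add_authorized_key "<public key line>" [home_dir]
# Returns 0 on success (installed or already present), 1 if the line is not a key.
add_authorized_key() {
    key_line=$1
    home_dir=${2:-$HOME}
    ssh_dir="$home_dir/.ssh"
    auth_file="$ssh_dir/authorized_keys"

    # Accept only what ssh-keygen emits: "<type> <base64> [comment]".
    # A private key block, an empty line or random text is refused.
    if ! printf '%s\n' "$key_line" | grep -Eq '^(ssh-ed25519|ssh-rsa|ecdsa-sha2-nistp(256|384|521)) [A-Za-z0-9+/]+=*( .*)?$'; then
        echo "refusing: not an OpenSSH public key line" >&2
        return 1
    fi

    # sshd ignores the key if ~/.ssh or authorized_keys is group/world
    # accessible (StrictModes yes is the default), so fix the modes explicitly.
    mkdir -p "$ssh_dir"
    chmod 700 "$ssh_dir"
    touch "$auth_file"
    chmod 600 "$auth_file"

    # Append only if this exact line is not already present (idempotent).
    if grep -Fxq "$key_line" "$auth_file"; then
        echo "key already present in $auth_file"
    else
        printf '%s\n' "$key_line" >> "$auth_file"
        echo "key installed in $auth_file"
    fi
    return 0
}

# How many times a given key line is installed; used to confirm idempotence.
count_authorized_key() {
    f="${2:-$HOME}/.ssh/authorized_keys"
    [ -f "$f" ] || { echo 0; return 0; }
    grep -Fxc "$1" "$f" || true
}

# Constructed sample key line; the base64 part is a placeholder, not real key data.
SAMPLE_KEY='ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPLACEHOLDERPLACEHOLDERPLACEHOLDERPLACE user@example'

# Demonstration: install into a scratch home directory twice, then count.
demo_home=$(mktemp -d)
add_authorized_key "$SAMPLE_KEY" "$demo_home"
add_authorized_key "$SAMPLE_KEY" "$demo_home"
echo "installed copies: $(count_authorized_key "$SAMPLE_KEY" "$demo_home")"
```

Run it with a different home directory as the second argument to install a key for another account, or with only the key line to target your own ~/.ssh. The validation regex covers the key types ssh-keygen produces by default; if you use other types (for example FIDO sk- keys), extend the alternation accordingly.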

For Windows based System:

This applies to a Windows machine connecting to a Linux server.

Open PowerShell as an administrator.

Use the following command to generate an SSH key pair:

ssh-keygen -t rsa -b 4096

You will be prompted for a file in which to save the key. Press Enter to accept the default, or type a specific path and filename if you want the key stored elsewhere.

Optionally, you can set a passphrase for an extra layer of security.

The SSH keys will be stored in C:\Users\ADMIN\.ssh\ (replace ADMIN with your Windows user name): the public key in id_rsa.pub and the private key in id_rsa.

The private key at C:\Users\ADMIN\.ssh\id_rsa must never be shared. Only the corresponding public key at C:\Users\ADMIN\.ssh\id_rsa.pub should be shared.

Copy your public key to your server using the following command.

ssh-copy-id username@server_ip

Replace username and server_ip with your server's username and IP address.

You will be prompted to enter your server password.

If ssh-copy-id is not available on your system, you can manually copy the public key. On your local machine, print the public key in PowerShell and copy its contents:

cat C:\Users\ADMIN\.ssh\id_rsa.pub

And on your remote server, paste the public key into the authorized keys file:

nano ~/.ssh/authorized_keys

After pasting the key on a line of its own, save and exit.

Verify Key-Based Authentication:

Try to SSH into your server without entering a password. If configured correctly, it should use the private key for authentication.

From your local Linux or Windows machine,

ssh username@server_ip

If successful, you should be logged in without entering a password.

Adjust SSH Configuration (On the Server)

On the remote Linux server, edit the SSH server configuration file (as root or with sudo):

vi /etc/ssh/sshd_config

Ensure the following settings are configured:

PubkeyAuthentication yes
PasswordAuthentication no
ChallengeResponseAuthentication no

Save the file and restart the SSH service so the new settings take effect (for example, sudo systemctl restart sshd; on Debian-based systems the service is named ssh). Keep your current session open and confirm that a fresh key-based login works before closing it: once password authentication is disabled, a missing or mis-installed key means you can no longer log in.

Ensure the .ssh directory and authorized_keys file of the account you log in as have the correct permissions; if they are writable by group or others, sshd silently ignores the key:

chmod 700 ~/.ssh
chmod 600 ~/.ssh/authorized_keys
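The three sshd_config settings above are easy to get wrong in a subtle way: sshd treats keywords case-insensitively, ignores # comments, and uses the first occurrence of a keyword it finds, so a "PasswordAuthentication no" placed after an earlier "PasswordAuthentication yes" changes nothing. The shell functions below are an added example (not part of the original guide or OpenSSH itself) that audit a config file the way sshd reads it and show a weak configuration next to the corrected one. They assume the sshd defaults for unset keywords (yes for all three) and deliberately stop at the first Match block; the function names and the two sample config files are constructed for this example.

```shell
#!/bin/sh
# Added example: audit an sshd_config file for the key-only login settings.
# Mirrors sshd parsing: case-insensitive keywords, '#' comments, optional
# "Keyword=value" form, FIRST occurrence wins, Match blocks not followed.
# Function names and sample configs are this example's own.

# Print the effective value of one keyword, or "unset" if it never appears
# before the first Match block.  Usage: sshd_effective <config file> <keyword>
sshd_effective() {
    awk -v key="$(printf '%s' "$2" | tr 'A-Z' 'a-z')" '
        { sub(/[[:space:]]*=[[:space:]]*/, " "); $0 = $0 }   # normalise "Key=val"
        /^[[:space:]]*#/ || /^[[:space:]]*$/ { next }         # skip comments/blank
        tolower($1) == "match" { exit }                        # stop at first Match
        tolower($1) == key { print tolower($2); found = 1; exit }
        END { if (!found) print "unset" }
    ' "$1"
}

# Return 0 if the file enforces key-only logins as the guide describes,
# 1 otherwise, printing every setting that deviates.  Unset keywords are
# resolved to the sshd default (assumed: yes for all three).
audit_sshd_config() {
    cfg=$1
    rc=0
    for spec in PubkeyAuthentication:yes:yes PasswordAuthentication:no:yes ChallengeResponseAuthentication:no:yes; do
        key=${spec%%:*}
        rest=${spec#*:}
        want=${rest%%:*}
        default=${rest#*:}
        got=$(sshd_effective "$cfg" "$key")
        [ "$got" = "unset" ] && got="$default (default)"
        if [ "${got%% *}" = "$want" ]; then
            echo "ok    $key = $got"
        else
            echo "FAIL  $key = $got, expected $want"
            rc=1
        fi
    done
    return $rc
}

# Write two constructed sample configs into the given directory:
# weak.conf (passwords still allowed) and hardened.conf (the guide's settings,
# plus a trailing duplicate and a Match block that must NOT change the result).
write_sample_configs() {
    cat > "$1/weak.conf" <<'EOF'
# constructed sample: stock-looking config, passwords still accepted
#PubkeyAuthentication yes
PasswordAuthentication yes
UsePAM yes
EOF
    cat > "$1/hardened.conf" <<'EOF'
# constructed sample: the guide's settings, first occurrence wins
PubkeyAuthentication yes
PasswordAuthentication no
challengeresponseauthentication = no
# this later duplicate is ignored by sshd because the first one above wins
PasswordAuthentication yes
Match User backup
    PasswordAuthentication yes
EOF
}

# Demonstration on the two samples.
demo_dir=$(mktemp -d)
write_sample_configs "$demo_dir"
echo "--- weak.conf";     audit_sshd_config "$demo_dir/weak.conf" || true
echo "--- hardened.conf"; audit_sshd_config "$demo_dir/hardened.conf"
```

Point audit_sshd_config at /etc/ssh/sshd_config on the server to check your own file. Two caveats: modern OpenSSH packages often start the main file with an Include of /etc/ssh/sshd_config.d/*.conf, and a drop-in there can set PasswordAuthentication yes before your line is ever read; and Match blocks can re-enable passwords for specific users or addresses. The authoritative answer is always the running daemon's effective configuration, which you can print with sudo sshd -T and filter for the three keywords, and sudo sshd -t checks the file for syntax errors before you restart the service.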

By following these steps, you enhance the security of your server access by relying on key-based authentication instead of password-based authentication.