How to Enable Linux SSH Key Authentication
Throughout this course, we have used username and password to SSH into machines. While acceptable for private services, for public exposure or best practice, SSH key authentication is essential. Without your private SSH key, remote login is effectively impossible.
Creating the SSH Key
Create the SSH key on your client computer (never transfer your private key over the internet). You can keep a safe copy offline (e.g., USB drive).
You can leave default settings for the key creation:
Run this in your Windows command line:
ssh-keygen -t ed25519 -C "your_email@example.com"
Your SSH key will be stored at:
C:\Users<your_username>.ssh\
Uploading the SSH Key to the Linux Server
In the same CLI run (replace placeholders):
type $env:USERPROFILE.ssh<your_ssh_key_name> | ssh <user>@<host_Ip_address> "mkdir -p ~/.ssh && cat >> ~/.ssh/authorized_keys"
Verify on the server:
cd ~/.ssh
nano authorized_keys
Navigate back to the root directory with:
cd ~
Set correct permissions:
chmod 700 ~/.ssh
chmod 600 ~/.ssh/authorized_keys
Disable Password Authentication for SSH
Edit the SSH daemon config:
sudo nano /etc/ssh/sshd_config
In the #Authentication section set:
PasswordAuthentication no
PermitRootLogin no
You may need to also edit:
sudo nano /etc/ssh/sshd_config.d/50-cloud-init.conf
Restart SSH:
sudo systemctl restart ssh
Log out:
exit
SSH back in without a password prompt:
ssh <username>@<server_ip>