Using Key-based SSH Authentication

If you use Git or remote terminal session a lot, consider using key-based authentication. Key-based authentication is generally considered more secure than password-based authentication. 

In key-based authentication, two key-files are used. One is the public key and may be distributed to other parties that should be able to authenticate you and your information. The other is the private encryption key and should be kept secure.

A Unix-like machine and some command-line familiarity is assumed.

Generating an SSH key-pair

Open up the terminal. Check if you already have existing SSH keys.

No such file or directory? Create the folder.

No id_rsa and id_rsa.pub files? Create them using ssh-keygen. Don’t overwrite them if they already exist.

ssh-keygen [-b bits] [-t dsa | ecdsa | ed25519 | rsa | rsa1] [-C comment]

We will use the rsa algorithm and a 4096 bit keysize which is pretty secure at this moment. Elliptic keys (ecdsa) is considered more efficient/secure but is not supported on all systems. Provide a passphrase as you wish, it will keep you more secure when your key gets compromised.

Finally, set all permissions right. Only the owner may read and write the keys and only the owner may list the contents of the .ssh directory.

Enabling key-based authentication on a remote server

Choose the easy or the manual way.

a. Easy, using ssh-copy-id

Just run

On Mac OS you might need to install the tool using brew:

b. Manually

Print your public key:

Never copy the file that starts with —–BEGIN RSA PRIVATE KEY—–

Copy the contents to your clipboard.

Login to your remote server using SSH or another remote access method. Assuming you’re in the terminal now, check the .ssh folder:

No such file or directory? Create the folder.

Open or create the authorized_keys file:

Paste the public key (on a new line if not empty). Save the file.

Finally, set all permissions right. Only the owner may read and write the files and only the owner may list the contents of the .ssh directory.