SSH Key-Pairs.

Remotely Connect to Linux Servers with SSH key-pairs

SSH: Authentication with Key-pairs

On your client machine:

  • Create an SSH key pair with the ssh-keygen command.
    • It creates 2 files (private key and public key) in the .ssh folder.
[menit@fedora .ssh]$ ls 
  • It is recommended that you use a passphrase to encrypt your private key.
[menit@fedora .ssh]$ ssh-keygen 
Generating public/private rsa key pair.
Enter file in which to save the key (/home/menit/.ssh/id_rsa): 
Enter passphrase (empty for no passphrase): 
Enter same passphrase again: 
Your identification has been saved in /home/menit/.ssh/id_rsa
Your public key has been saved in /home/menit/.ssh/
The key fingerprint is:
SHA256:E+n8J9Sjbdbi5A7uyu7LVAm2Y8fNBtSawvCyoR7l3Y4 menit@fedora
The key's randomart image is:
+---[RSA 3072]----+
|          ..     |
|      .  o  .    |
|       += .o     |
|      +++=o*     |
|     + =So* *    |
|    o o..B.+ o   |
|   . .  .o= B .  |
|    .  +E..X .   |
|       oB+o.+    |

How to deploy your public key to your managed servers

  • To connect to your Linux servers using SSH keys, you need to transfer the public key to your remote servers.

There are 2 methods to transfer the public key to your server.

The first method is to install the public key from your own host on your remote server using this command:

ssh-copy-id -i /home/menit/.ssh/ username@

  • This command creates the .ssh folder and a file named authorized_keys on the remote host, and copies the public key into this file.

  • The second method is to copy your public key and paste it into a file named authorized_keys under the .ssh folder on your remote server (if you can’t find such a file, you just need to create it).
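One way to script the second method on the remote server, as an added example that is not part of the original post. The helper name install_pubkey and the sample path in the comment are assumptions; the function refuses a private key pasted by mistake, sets the permissions sshd expects, and does not add the same key twice.

```shell
# Added example: append one public key to <home>/.ssh/authorized_keys.
# install_pubkey is a hypothetical helper name, not an OpenSSH tool.
# Usage (assumed path): install_pubkey /tmp/id_rsa.pub "$HOME"
install_pubkey() {
    pubfile=$1; home_dir=$2
    ssh_dir="$home_dir/.ssh"
    auth="$ssh_dir/authorized_keys"
    [ -r "$pubfile" ] || { echo "cannot read $pubfile" >&2; return 1; }

    # A public key is a single line; take the first non-empty one.
    key=$(grep -v '^[[:space:]]*$' "$pubfile" | head -n 1)

    # Private keys start with a PEM header, not a key type: never install one.
    case $key in
        -----BEGIN*) echo "refusing: $pubfile looks like a private key" >&2; return 2 ;;
    esac

    # Field 1 must be a known key type, field 2 a base64 blob.
    ktype=$(printf '%s\n' "$key" | awk '{print $1}')
    blob=$(printf '%s\n' "$key" | awk '{print $2}')
    case $ktype in
        ssh-rsa|ssh-ed25519|ecdsa-sha2-nistp*|sk-*@openssh.com) ;;
        *) echo "refusing: unknown key type '$ktype'" >&2; return 2 ;;
    esac
    case $blob in
        ''|*[!A-Za-z0-9+/=]*) echo "refusing: malformed key data" >&2; return 2 ;;
    esac

    # With StrictModes (the sshd default), keys are ignored if these
    # paths are writable by other users, so lock them down.
    mkdir -p "$ssh_dir" && chmod 700 "$ssh_dir" || return 1
    touch "$auth" && chmod 600 "$auth" || return 1

    # Idempotent: match on type + blob, so a changed comment is not a new key.
    if awk -v t="$ktype" -v b="$blob" '{ for (i = 1; i < NF; i++)
            if ($i == t && ($(i+1) "") == b) found = 1 }
            END { exit !found }' "$auth"; then
        echo "key already present in $auth"
        return 0
    fi
    # Make sure the existing file ends with a newline before appending.
    if [ -s "$auth" ] && [ $(tail -c 1 "$auth" | wc -l) -eq 0 ]; then
        printf '\n' >> "$auth"
    fi
    printf '%s\n' "$key" >> "$auth"
    echo "key added to $auth"
}
```

Run it as the account that will log in, so that the files it creates are owned by that user.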

Now you can connect to your machine using this command:

[menit@fedora .ssh]$ ssh swarm@

Connect to your remote server without the passphrase

To avoid entering a passphrase every time you ssh to a remote host, you can use ssh-agent to cache your authentication credentials in the host's memory.

[menit@fedora .ssh]$ ssh-agent bash
[menit@fedora .ssh]$ ssh-add id_rsa
Enter passphrase for id_rsa: ***********
Identity added: id_rsa (menit@fedora)

How to ssh to a remote host using the root user account

  1. On the remote host, you first need to enable the login-as-root option. To enable it, remove the # from the line “PermitRootLogin prohibit-password” (with this value, root can log in with a key but not with a password):
swarm@swarm3:/etc/ssh$ vim /etc/ssh/sshd_config

#LoginGraceTime 2m
PermitRootLogin prohibit-password
#StrictModes yes
#MaxAuthTries 6
#MaxSessions 10

Save the file and exit by typing :wq

  2. Switch to your root account on the remote server and add the public SSH key to the authorized_keys file under the .ssh folder.
root@swarm3:~/.ssh# ls

How to run sudo commands with a password

To grant your user sudo permissions, you will need to edit this config file:

[menit@fedora .ssh]$ sudo visudo

Under the “Allows people in group wheel” entry, paste this line:

#Allow users to run all commands

This is how it should look in the config file:

## Allows people in group wheel to run all commands
%wheel  ALL=(ALL)       ALL

#Allow users to run all commands

It’s important to add your new entry at the bottom of the config file, because the file opened by visudo is processed from top to bottom.

Author: Meni T.

IT Infrastructure Manager
