To use key-based authentication, we need to create a pair of keys – a private key and a public key:
- On the client or local system, execute the following command to generate the SSH key pairs:
ssh-keygen -t rsa
While creating the key, we can accept the default values or change them as we wish. It will also ask for a passphrase, for which you can choose anything or leave it blank.
- The key-pair will be created in the location - ~./ssh/. Change to this directory and then use the ls -l command to see the details of the key files:
We can see that the id_rsa file can be read and written only by the owner. This permission ensures that the file is kept secure.
- Now we need to copy the public key file to the remote SSH server. To do so, we run the following command:
ssh-copy-id 192.168.1.101
An SSH session will be started and prompt for entering the password for the user account. Once the correct password has been entered, the key will be copied to the remote server.
- Once the public key has been successfully copied to the remote server, try to log in to the server again using the following command:
ssh 192.168.1.101
We can see that now we are not prompted for the user account's password. Since we had configured the passphrase for the SSH key, it has not been asked for. Otherwise, it would have asked us for the password.