Configure SSH for Key-based Authentication
See also Configure SSHD.
Sources
- SSH Key Tutorial
- Man pages: ssh, ssh-keygen, ssh-add, ssh-agent
- Configuring Authorized Keys for OpenSSH
- The Ultimate SSH Guide and Cryptography Quick Guide
Generate SSH Key Pair
Generate the ED25519 key using ssh-keygen:
alex@latitude7490:~$ ssh-keygen -t ed25519
Generating public/private ed25519 key pair.
Enter file in which to save the key (/home/alex/.ssh/id_ed25519):
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /home/alex/.ssh/id_ed25519
Your public key has been saved in /home/alex/.ssh/id_ed25519.pub
Verify the generated files:
$ ls -la ~/.ssh
total 48
drwx------ 2 alex alex 4096 Dec 16 14:17 .
drwxr-xr-x 31 alex alex 4096 Mar 31 12:00 ..
-rw------- 1 alex alex 411 Sep 28 2021 id_ed25519
-rw-r--r-- 1 alex alex 99 Sep 28 2021 id_ed25519.pub
-rw------- 1 alex alex 3381 Dec 28 2019 id_rsa
-rw-r--r-- 1 alex alex 739 Dec 28 2019 id_rsa.pub
-rw------- 1 alex alex 11042 Jan 28 12:15 known_hosts
-rw------- 1 alex alex 9930 Dec 16 14:16 known_hosts.old
List the fingerprints currently used by ssh using ssh-add:
$ ssh-add -l
4096 SHA256:4sGkGvw2itx0TNFu8V+Bqk2lSdB8ZEHczXIGfmfWiZc alex@latitude (RSA)
Add the private key identities to the authentication agent,
[ssh-agent].
When run without arguments, it adds the files ~/.ssh/id_rsa, ~/.ssh/id_dsa,
~/.ssh/id_ecdsa, ~/.ssh/id_ecdsa_sk, ~/.ssh/id_ed25519, and
~/.ssh/id_ed25519_sk.
$ ssh-add
Identity added: /home/alex/.ssh/id_rsa (alex@latitude)
Identity added: /home/alex/.ssh/id_ed25519 (alex@latitude7490)
Confirm the key addition:
$ ssh-add -l
4096 SHA256:4sGkGvw2itx0TNFu8V+Bqk2lSdB8ZEHczXIGfmfWiZc alex@latitude (RSA)
256 SHA256:pD1ar4RV2Xuqup3/27JnAibnmHeQMJ4O4h05GI/e3R0 alex@latitude7490 (ED25519)
Create Account on a Remote Computer
uname=alex
useradd -m $uname
passwd $uname
adduser $uname sudo
usermod -aG sudo $uname
usermod -aG adm $uname
usermod -s /bin/bash $uname
Copy ID to a Remote Computer
Copy a default ID:
alex@latitude7490:~$ ssh-copy-id alex@fuji
/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
alex@fuji's password:
Number of key(s) added: 1
Now try logging into the machine, with: "ssh 'alex@fuji'"
and check to make sure that only the key(s) you wanted were added.
Alternatively, copy the specific ID:
ssh-copy-id -i ~/.ssh/id_rsa.pub alex@192.168.100.177
Enjoy it
alex@latitude7490:~$ ssh alex@fuji
Linux fuji 5.4.114-1-pve #1 SMP PVE 5.4.114-1 (Sun, 09 May 2021 17:13:05 +0200) x86_64
The programs included with the Debian GNU/Linux system are free software;
the exact distribution terms for each program are described in the
individual files in /usr/share/doc/*/copyright.
Debian GNU/Linux comes with ABSOLUTELY NO WARRANTY, to the extent
permitted by applicable law.
Last login: Tue Sep 28 11:24:18 2021 from 192.168.10.141
alex@fuji:~$ ls -ls ~/.ssh
total 4
4 -rw------- 1 alex alex 99 Sep 28 11:17 authorized_keys
~/.ssh/config
Custom secret per host
Host _name_
User ubuntu
IdentitiesOnly=yes
IdentityFile ~/.ssh/_host_secret_.pem