HOWTO devops ssh_keys

HOWTO: install & configure ssh keys for password-less access

Synopsis:

SSH Key-based access allows to disable console login for all users except the ones holding a reference public key.

WARNING: obviously, loosing or removing the key file from the local machine will make the remote server inaccessible once that password access has been disabled. So proceed with extreme caution

References:

• D.O. tutorial, configure SSH Key-based auth
• D.O. tutorial on SSH Keys setup

Procedure:

Assuming no previous keys were generated, on localhost:

$ ssh-keygen -t rsa

1. Enter file in which to save the key (/home/username/.ssh/id_rsa)
2. Enter a very long passphrase

• private key: id_rsa
• public key: id_rsa.pub

How to copy & paste the public key to any web front-end requesting a key:

On your localhost:

$ cat ~/.ssh/id_rsa.pub

Copy and paste the resulting text into the form requesting the key.

How to copy & paste the public key to a remote server using SSH-copy-id:

From your localhost:

$ ssh-copy-id username@remote_host

How to copy & paste the public key to a remote server using SSH/cat:

From your localhost:

$ cat ~/.ssh/id_rsa.pub | ssh username@remote_host "mkdir -p ~/.ssh && cat >> ~/.ssh/authorized_keys"

Authenticate to your Server Using SSH Keys:

Test remote, password-less access from localhost:

$ ssh username@remote_host

Disabling Password Authentication on your Server:

On the remote server:

$ sudo vim /etc/ssh/sshd_config

...And edit setting:

PasswordAuthentication no

Save and close. Restart ssh service:

$ sudo service ssh restart