ssh-keygen will create a 2048-bit RSA key pair, which is secure enough for most use cases (you may optionally pass in the -b 4096 flag to create a larger 4096-bit key).

.ssh/ subdirectory in your home directory, or specify an alternate path.

ssh-copy-id. Due to its simplicity, this method is highly recommended if available. If you do not have ssh-copy-id available to you on your client machine, you may use one of the two alternate methods provided in this section (copying via password-based SSH, or manually copying the key).

ssh-copy-id

ssh-copy-id tool is included by default in many operating systems, so you may have it available on your local system. For this method to work, you must already have password-based SSH access to your server.

ENTER to continue.

id_rsa.pub key that we created earlier. When it finds the key, it will prompt you for the password of the remote user’s account:

ENTER. The utility will connect to the account on the remote host using the password you provided. It will then copy the contents of your ~/.ssh/id_rsa.pub key into a file in the remote account’s home ~/.ssh directory called authorized_keys.

id_rsa.pub key has been uploaded to the remote account. You can continue on to Step 3.

ssh-copy-id available, but you have password-based SSH access to an account on your server, you can upload your keys using a conventional SSH method.

cat command to read the contents of the public SSH key on our local computer and piping that through an SSH connection to the remote server.

~/.ssh directory exists and has the correct permissions under the account we’re using.

authorized_keys within this directory. We’ll use the >> redirect symbol to append the content instead of overwriting it. This will let us add keys without destroying previously added keys.

ENTER to continue.

id_rsa.pub key will be copied to the end of the authorized_keys file of the remote user’s account. Continue on to Step 3 if this was successful.

id_rsa.pub file to the ~/.ssh/authorized_keys file on your remote machine.

id_rsa.pub key, type this into your local computer:

~/.ssh directory exists. This command will create the directory if necessary, or do nothing if it already exists:

authorized_keys file within this directory. You can add the contents of your id_rsa.pub file to the end of the authorized_keys file, creating it if necessary, using this command:

public_key_string with the output from the cat ~/.ssh/id_rsa.pub command that you executed on your local system. It should start with ssh-rsa AAAA...

~/.ssh directory and authorized_keys file have the appropriate permissions set:

~/.ssh/ directory.

root account to set up keys for a user account, it’s also important that the ~/.ssh directory belongs to the user and not to root:

ENTER to continue.

sudo privileges. This step will lock down password-based logins, so ensuring that you will still be able to get administrative access is crucial.

sudo privileges. Then, open up the SSH daemon’s configuration file:

PasswordAuthentication. This may be commented out. Uncomment the line and set the value to “no”. This will disable your ability to log in via SSH using account passwords:

CTRL + X, then Y to confirm saving the file, and finally ENTER to exit nano. To actually implement these changes, we need to restart the sshd service:
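
Added example (not from the original tutorial, and not the restart command the last sentence refers to): a POSIX shell sketch of the manual key-copy steps and of checking the PasswordAuthentication setting, using the hypothetical function names install_key and password_auth_setting. It goes slightly beyond the text by accepting Ed25519 and ECDSA keys as well as ssh-rsa, and by rejecting input that is not a single public key line.

```shell
#!/bin/sh
# Added example, not from the original tutorial. Function names are
# hypothetical; the paths passed in are chosen by the caller.

# install_key HOME_DIR PUBKEY_LINE
# Append one public key line to HOME_DIR/.ssh/authorized_keys unless it is
# already there, then remove all group/other access to both paths.
install_key() {
    ssh_dir="$1/.ssh"
    auth="$ssh_dir/authorized_keys"
    key=$2
    nl='
'
    case $key in
        *"$nl"*) echo "refusing multi-line input" >&2; return 2 ;;
        ssh-rsa\ AAAA*|ssh-ed25519\ AAAA*|ecdsa-sha2-*\ AAAA*) ;;
        # Catches a pasted private key or other non-key text.
        *) echo "not a public key line" >&2; return 2 ;;
    esac
    mkdir -p "$ssh_dir" && touch "$auth" || return 1
    # -x whole line, -F fixed string: append with >> only when absent.
    grep -qxF -e "$key" "$auth" || printf '%s\n' "$key" >> "$auth"
    chmod 700 "$ssh_dir" && chmod 600 "$auth"
}

# password_auth_setting SSHD_CONFIG
# Print the global PasswordAuthentication value: sshd uses the first
# uncommented occurrence of a keyword, and the default is "yes".
# Limitation: Include files and Match blocks are not evaluated.
password_auth_setting() {
    awk '
        { sub(/^[ \t]+/, ""); split($0, f, /[ \t=]+/); k = tolower(f[1]) }
        k == "match" { exit }
        k == "passwordauthentication" { v = tolower(f[2]); exit }
        END { print (v == "" ? "yes" : v) }
    ' "$1"
}
```

When install_key is run as root on behalf of another user, the ownership change the tutorial describes still has to follow, because this sketch does not chown anything.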