SSH key authentication

The preferred method of authenticating users for accessing the system is through the use of SSH keys. The user generates their own key pair and sends the public key portion to the server administrator for enabling the account.

Create user account

A user account needs to exist to which the SSH key will be associated. If the user account does not already exist, create it.

  • Create the user account.

    sudo adduser username

  • Do not enter a password when prompted, as the SSH key will be the method of authentication.

  • If necessary, add the user to the sudo group.

    sudo usermod -aG sudo username

User .ssh folder

Set up the user's SSH folder.

  • Create the folder and set folder access privileges such that the user owns the folder.

    sudo mkdir /home/username/.ssh
    sudo chmod 700 /home/username/.ssh
    sudo chown username:username /home/username/.ssh

Creating SSH key pair

The user being authenticated needs to generate the key pair. It is the user's responsibility to keep the private key portion of the key pair secret and secure.

  • From a terminal, generate the SSH key pair.

    ssh-keygen -t rsa

  • Confirm the output filename of the key files. This can be changed to modify the location where the key files will be created and the name of the files.

  • Optionally, enter a passphrase if one is desired. Confirm passphrase, if one is used.

  • This will generate two files, a private key file (e.g., ~/.ssh/id_rsa) and a public key file (e.g., ~/.ssh/id_rsa.pub).

Add public key

The public key needs to be added to a file called authorized_keys within the user’s .ssh folder.

  • Create or open the /home/username/.ssh/authorized_keys file.

    sudo nano /home/username/.ssh/authorized_keys

  • Copy and append the text of the public key file into the authorized_keys file.

  • Set the rights to this file to 600 (owner read and write only).

    sudo chmod 600 /home/username/.ssh/authorized_keys
    sudo chown username:username /home/username/.ssh/authorized_keys
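
To confirm the result of the steps above, the following added example (not part of the original page) audits the mode and ownership of the .ssh folder and the authorized_keys file, and flags private key material pasted into authorized_keys by mistake. It assumes GNU stat, as found on Linux; the function names audit_ssh_dir and check_path are hypothetical.

```shell
#!/bin/sh
# Added example: audit the layout the steps above produce.
# Assumes GNU stat (stat -c), as found on Linux.

# check_path PATH MODE OWNER: report a wrong mode or owner; OWNER is a name or uid.
check_path() {
    actual_mode=$(stat -c '%a' "$1")
    actual_user=$(stat -c '%U' "$1")
    actual_uid=$(stat -c '%u' "$1")
    bad=0
    if [ "$actual_mode" != "$2" ]; then
        echo "MODE $1 is $actual_mode, expected $2"
        bad=1
    fi
    if [ "$actual_user" != "$3" ] && [ "$actual_uid" != "$3" ]; then
        echo "OWNER $1 is $actual_user, expected $3"
        bad=1
    fi
    return $bad
}

# audit_ssh_dir HOME_DIR OWNER: returns 0 when clean, 1 on any finding.
audit_ssh_dir() {
    ssh_dir="$1/.ssh"
    keys="$ssh_dir/authorized_keys"
    owner=$2
    rc=0
    if [ ! -d "$ssh_dir" ]; then
        echo "MISSING $ssh_dir"
        return 1
    fi
    check_path "$ssh_dir" 700 "$owner" || rc=1
    if [ ! -f "$keys" ]; then
        echo "MISSING $keys"
        return 1
    fi
    check_path "$keys" 600 "$owner" || rc=1
    # Only public keys belong here; a pasted private key must be treated as exposed.
    if grep -q 'PRIVATE KEY' "$keys"; then
        echo "PRIVATE-KEY-MATERIAL $keys"
        rc=1
    fi
    return $rc
}
```

Source the file as root and call `audit_ssh_dir /home/username username`; an OWNER finding on authorized_keys means the final chown step did not take effect.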