How to securely connect to a remote Linux server

Public key authentication offers a secure way to remotely connect to a Linux machine. Key-based authentication works by creating a pair of keys, a private key and a public key, which are either 1024 or 2048 bits in length. Both keys are generated simultaneously and, while the two are related, the private key cannot be computed from the corresponding public key.

To access an account on a Secure Shell server, a copy of the client's public key must be uploaded to the server. When the client connects, it proves that it holds the private counterpart to the public key stored on that server, and access is granted. The private key stays on the client machine and must be kept secret; unlike a password, it is never sent to the server and cannot be guessed. An additional security measure is a passphrase that protects the private key: even if the private key is stolen, the attacker must still guess this passphrase in order to gain access. The public key can be shared with anyone or placed on any server you wish to access.

Once the public key has been uploaded to the server, the server uses it to create a message for the client computer that can only be read with the private key. The client computer then sends the appropriate response back to the server, and the server knows that the client is legitimate. This entire process happens automatically in the background once you have set up keys.

How To Create SSH Keys

SSH keys should be generated on the computer you wish to log in from. This is usually your local machine.

Enter the following into the command line:

$ ssh-keygen -t rsa
Generating public/private rsa key pair.
Enter file in which to save the key (/home/user/.ssh/id_rsa): 
Enter passphrase (empty for no passphrase): 
Enter same passphrase again: 
Your identification has been saved in /home/user/.ssh/id_rsa.
Your public key has been saved in /home/user/.ssh/id_rsa.pub.
The key fingerprint is:
ce:34:c3:d6:e9:22:02:8a:e7:75:9f:d9:df:4f:67:a4 user@linux
The key's randomart image is:
+---[RSA 2048]----+
|                 |
|                 |
|                 |
|                 |
|        Y        |
|     . G +      .|
|    . o O......o |
|     o . o+oo+K o|
|      .  .o=o.oo |
+-----------------+

Your keys will be created at ~/.ssh/id_rsa.pub (the public key) and ~/.ssh/id_rsa (the private key).

Change into the .ssh directory by typing:

cd ~/.ssh

The listing below shows that the id_rsa file is readable and writable only by the owner.

$ ls -l
total 12
-rw------- 1 dhaneshr dhaneshr 1766 Sep 14 16:01 id_rsa
-rw-r--r-- 1 dhaneshr dhaneshr  395 Sep 14 16:01 id_rsa.pub
-rw-r--r-- 1 dhaneshr dhaneshr 1772 Sep  2 15:05 known_hosts

The id_rsa.pub file, however, can be shared and has permissions appropriate for this activity.
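
The permission check described above can be automated. The following is an added example, not part of the original article: the function names audit_ssh_dir and mode_of are hypothetical, a file is assumed to be a private key when a matching .pub file sits beside it, and the check on the directory itself goes beyond the listing shown above.

```shell
#!/bin/sh
# Added example: audit permissions inside an SSH key directory.
# Source this file, then call:  audit_ssh_dir "$HOME/.ssh"

# mode_of PATH -> octal permission bits such as 600 (GNU stat, then BSD stat).
mode_of() {
    stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1"
}

# audit_ssh_dir [DIR] -> prints one line per item checked.
# The return status is the number of unsafe items (0 means clean).
audit_ssh_dir() {
    dir=${1:-$HOME/.ssh}
    findings=0
    [ -d "$dir" ] || { echo "MISSING $dir"; return 1; }

    # If group or others can write to the directory, another local
    # user could replace the key files inside it.
    dmode=$(mode_of "$dir")
    if [ $(( 0$dmode & 022 )) -ne 0 ]; then
        echo "UNSAFE  $dir mode $dmode (directory writable by group/others)"
        findings=$((findings + 1))
    fi

    # Assumption: "name" is a private key when "name.pub" exists beside it.
    for pub in "$dir"/*.pub; do
        [ -e "$pub" ] || continue
        key=${pub%.pub}
        [ -f "$key" ] || continue
        kmode=$(mode_of "$key")
        # Any group/other permission bit on a private key is a finding;
        # the expected mode is 600 (-rw-------), as in the listing above.
        if [ $(( 0$kmode & 077 )) -ne 0 ]; then
            echo "UNSAFE  $key mode $kmode (fix with: chmod 600 $key)"
            findings=$((findings + 1))
        else
            echo "OK      $key mode $kmode"
        fi
    done
    return "$findings"
}
```
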

How To Transfer Your Public Key to the Server

You can copy the public key to the remote server by issuing this command:

ssh-copy-id remote_host

This will start an SSH session, which you will need to authenticate with your password.

After you enter your password, it will copy your public key to the server’s authorized keys file, which will allow you to log in without the password next time.