
To secure access to an OpenSSH server, it is recommended to disable password authentication and use public-key authentication instead. This allows a user to connect to the remote server without sending the password over the Internet.
This can be done in three simple steps:
Generate SSH key pair
The command below generates a private key and a public key:
ssh-keygen -t dsa
Two files will be created in the /home/user/.ssh/ directory:
id_dsa – the private DSA key, which must never be made available to anyone
id_dsa.pub – the public DSA key, which can be distributed to other computers
You should get the following output:
Generating public/private dsa key pair.
Enter file in which to save the key (/home/user/.ssh/id_dsa):
Do not forget to enter a passphrase to protect the key.
Transfer public key to the remote server
Copy the key to the remote server:
ssh-copy-id -i ~/.ssh/id_dsa.pub ip.address
This command will add your public key to the remote machine’s authorized_keys2 file, allowing the user to log in without the password.
Test connection
Now, connect via SSH to your remote server:
ssh -v user@ip.address
You should get output similar to the screenshot above.
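The introduction recommends disabling password authentication, but the steps above only cover the client side. The script below is an added example, not part of the original article: it reads an sshd_config file and reports whether password logins are effectively off and public-key logins on. The function names and the sample configuration files are constructed for illustration.

```shell
#!/bin/sh
# Added example: check an sshd_config for "password logins off, public keys on".
# sshd keeps the FIRST value it reads for a keyword, keywords are
# case-insensitive, and "Keyword=value" is accepted as well as "Keyword value".
# Simplifications: Include files are not followed, parsing stops at the first
# Match block, and keyboard-interactive (PAM) prompts are not checked.

effective_value() {   # usage: effective_value FILE KEYWORD DEFAULT
    awk -v want="$(printf '%s' "$2" | tr '[:upper:]' '[:lower:]')" -v def="$3" '
        { sub(/^[ \t]+/, "") }                  # strip leading blanks
        /^#/ || /^$/ { next }                   # skip comments and blank lines
        {
            line = $0
            sub(/[ \t]*=[ \t]*/, " ", line)     # normalise "Keyword=value"
            n = split(line, f, /[ \t]+/)
            key = tolower(f[1])
            if (key == "match") exit            # global section ends here
            if (key == want && n >= 2) { print tolower(f[2]); found = 1; exit }
        }
        END { if (!found) print def }
    ' "$1"
}

password_login_disabled() {   # returns 0 only if the file matches the advice
    [ "$(effective_value "$1" PasswordAuthentication yes)" = "no" ] &&
    [ "$(effective_value "$1" PubkeyAuthentication yes)" = "yes" ]
}

write_samples() {   # constructed sample configs, written into directory $1
    printf '%s\n' '#PasswordAuthentication no' 'PubkeyAuthentication yes' \
        > "$1/commented.conf"      # directive commented out: default "yes" applies
    printf '%s\n' 'PasswordAuthentication yes' 'passwordauthentication = no' \
        > "$1/shadowed.conf"       # first value wins, the later "no" is ignored
    printf '%s\n' 'Match User backup' '    PasswordAuthentication no' \
        > "$1/matchonly.conf"      # set for one user only, global default stays
    printf '%s\n' 'PubkeyAuthentication yes' 'PasswordAuthentication no' \
        > "$1/hardened.conf"
}

dir=$(mktemp -d) && write_samples "$dir"
for f in commented shadowed matchonly hardened; do
    if password_login_disabled "$dir/$f.conf"; then verdict=ok; else verdict=WEAK; fi
    printf '%-10s PasswordAuthentication=%s -> %s\n' "$f" \
        "$(effective_value "$dir/$f.conf" PasswordAuthentication yes)" "$verdict"
done
rm -rf "$dir"
```

On a real server, run `sshd -T` as root to see the values the daemon actually applies, and keep an existing session open while testing that key-based login still works.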