Take cyber security seriously and use SSH keys to access remote logins. They are safer than passwords. We'll show you how to generate, install and use SSH keys on Linux.
What's wrong with passwords?
Secure Shell (SSH) is the encrypted protocol used to log on to user accounts on Linux or Unix computers. Normally such user accounts are secured with passwords. When you log in to a remote computer, you must provide the user name and password for the account to which you are logging in.
Passwords are the most common method of securing access to computer resources. Nevertheless, password-based security has some shortcomings. Users choose weak passwords, share passwords, use the same password on multiple systems, and so on.
SSH keys are much safer and, once set up, as easy to use as passwords.
SSH keys are created and used in pairs. The two keys are linked and cryptographically secure. One is your public key and the other is your private key. They are bound to your user account. When multiple users on a computer use SSH keys, they each receive their own key pair.
Your private key is (usually) installed in your home folder, and the public key is installed on the remote computer, or computers, that you need to access.
Your private key must be kept secure. If it is accessible to others, you are in the same position as if they had discovered your password. A reasonable, and highly recommended, precaution is to have your private key encrypted on your computer with a robust passphrase.
The public key can be freely shared without compromising your security. Examining the public key does not reveal what the private key is. The public key can encrypt messages that can only be decrypted with the private key.
When you make a connection request, the remote computer creates an encrypted message based on the copy of your public key. The message contains a session ID and other metadata. Only the computer with the private key – your computer – can decrypt this message.
Your computer accesses your private key and decrypts the message. It then sends its own encrypted message back to the remote computer. Among other things, this encrypted message contains the session ID received from the remote computer.
The remote computer now knows that you must be who you say you are, because only your private key could extract the session ID from the message it sent to your computer.
Make sure you can access the remote computer.
Make sure you can remotely connect to and log in to the remote computer. This proves that your username and password have a valid account set up on the remote computer and that your credentials are correct.
Don't try to do anything with SSH keys until you have verified that you can use SSH with passwords to connect to the destination computer.
In this example, a person with a user account named dave is logged in to a computer called howtogeek. They will connect to another computer called sulaco.
They enter the following command:
ssh dave@sulaco
They are asked for their password, they enter it, and they are connected to sulaco. The prompt changes to confirm this.
That's all we need for confirmation. User dave can leave with the command
exit
They receive the disconnection message and their prompt returns to dave@howtogeek.
Creating a Pair of SSH Keys
These instructions were tested on the Ubuntu, Fedora and Manjaro Linux distributions. In all cases, the process was the same, and no software needed to be installed on any of the test computers.
Enter the following command to generate your SSH keys:
The generation process begins. You will be asked where to store your SSH keys. Press Enter to accept the default location. The permissions on the folder secure it for your use only.
You will be prompted for a passphrase. We strongly recommend that you enter a passphrase here. And remember what it is! You can press Enter to have no passphrase. However, this is not a good idea. A passphrase made up of three or four unconnected words strung together makes for a very robust passphrase.
You will be prompted to re-enter the same passphrase to verify that you typed what you thought you typed.
SSH keys are generated and stored for you.
When key creation has completed, a random graphic is displayed in the terminal window. The idea is that you recognize whether the random graphic changes and become suspicious of the connection, as a change means that the SSH keys for this server were modified.
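A check you can run on the key pair just created, as an added example that is not part of the original article: it reads a private key file in OpenSSH's native format and reports whether the file or its folder is accessible to other users and whether the key was saved without a passphrase. The function names and the header-only sample key are constructed for illustration; keys in the older PEM format are rejected rather than guessed at.

```python
import base64
import os
import stat
import struct

MAGIC = b"openssh-key-v1\x00"
BEGIN = "-----BEGIN OPENSSH PRIVATE KEY-----"
END = "-----END OPENSSH PRIVATE KEY-----"

def key_cipher(pem_text):
    """Return the cipher name stored in the key header ("none" = no passphrase)."""
    lines = [ln.strip() for ln in pem_text.strip().splitlines()]
    if len(lines) < 3 or lines[0] != BEGIN or lines[-1] != END:
        raise ValueError("not an OpenSSH-format private key")
    blob = base64.b64decode("".join(lines[1:-1]))
    if not blob.startswith(MAGIC):
        raise ValueError("missing openssh-key-v1 magic")
    # The cipher name is the first length-prefixed string after the magic.
    (n,) = struct.unpack_from(">I", blob, len(MAGIC))
    cipher = blob[len(MAGIC) + 4:len(MAGIC) + 4 + n]
    if len(cipher) != n:
        raise ValueError("truncated key header")
    return cipher.decode("ascii")

def audit_private_key(path):
    """Return a list of findings for one private key file (empty list = OK)."""
    findings = []
    folder = os.path.dirname(os.path.abspath(path))
    if stat.S_IMODE(os.stat(folder).st_mode) & 0o077:
        findings.append("key folder is accessible to group/others")
    mode = stat.S_IMODE(os.stat(path).st_mode)
    if mode & 0o077:
        findings.append(f"key file mode {mode:04o} is accessible to group/others")
    with open(path, encoding="ascii") as fh:
        if key_cipher(fh.read()) == "none":
            findings.append("key is not protected by a passphrase")
    return findings

def sample_key(cipher):
    """Constructed header-only sample for demonstration; holds no key material."""
    body = MAGIC + struct.pack(">I", len(cipher)) + cipher
    return "\n".join([BEGIN, base64.b64encode(body).decode(), END])
```

Point `audit_private_key` at the key file you accepted as the default location; an empty list means the file, its folder and the passphrase protection all look as the article recommends.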
Installing the public key
We need to install your public key on sulaco, the remote computer, so that it knows the public key belongs to you.
This is done with the ssh-copy-id command. This command makes a connection to the remote computer, like the regular ssh command. Instead of logging in, however, it transfers the public SSH key.
ssh-copy-id dave@sulaco
Although you do not log in to the remote computer, you still need to authenticate yourself with a password. The remote computer must identify which user account the new SSH key belongs to.
Note that the password you must enter here is the password for the user account you are logging in to. This is not the passphrase you just created.
If the password has been verified, ssh-copy-id will transfer your public key to the remote computer.
You are returned to the computer prompt. You are not connected to the remote computer.
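To confirm what ssh-copy-id left on the remote computer, this added example (not from the original article) parses the text of an authorized_keys file, the file on the remote account that lists accepted public keys, computes the SHA256 fingerprint of each key, and reports whether your public key is present and which other keys are also accepted. The function names and the sample ssh-ed25519 lines are constructed; the key bytes are filler, not real keys.

```python
import base64
import hashlib
import re
import struct

KEY_PREFIXES = ("ssh-", "ecdsa-sha2-", "sk-")
# Whitespace-separated tokens; double-quoted option values may contain spaces.
TOKEN = re.compile(r'(?:[^\s"]|"(?:\\.|[^"\\])*")+')

def fingerprint(blob):
    """SHA256 fingerprint in the style OpenSSH prints: SHA256:<unpadded base64>."""
    digest = hashlib.sha256(blob).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")

def parse_entry(line):
    """Return (key_type, fingerprint, options) for one authorized_keys line."""
    tokens = TOKEN.findall(line)
    for i, tok in enumerate(tokens[:-1]):
        if tok.startswith(KEY_PREFIXES):
            blob = base64.b64decode(tokens[i + 1], validate=True)
            (n,) = struct.unpack_from(">I", blob)
            if blob[4:4 + n] != tok.encode():
                raise ValueError("declared key type does not match key data")
            return tok, fingerprint(blob), tokens[:i]
    raise ValueError("no public key found on line")

def audit(authorized_keys_text, my_public_key_line):
    """Report whether my key is installed and list every other accepted key."""
    _, mine, _ = parse_entry(my_public_key_line)
    installed, others = False, []
    for line in authorized_keys_text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        key_type, fp, options = parse_entry(line)
        if fp == mine:
            installed = True
        else:
            others.append((key_type, fp, options))
    return installed, others

def sample_public_key(seed, comment):
    """Constructed ssh-ed25519 line; the 32 key bytes are filler, not a real key."""
    name = b"ssh-ed25519"
    blob = struct.pack(">I", len(name)) + name + struct.pack(">I", 32) + bytes([seed]) * 32
    return "ssh-ed25519 " + base64.b64encode(blob).decode() + " " + comment
```

Any entry returned in `others` is a key that can also log in to the account, so an entry you do not recognize deserves a closer look.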
Connecting Using SSH Keys
Follow the suggestion and try to connect to the remote computer.
ssh dave@sulaco
Because the connection process requires access to your private key, and you have protected your SSH key behind a passphrase, you must provide your passphrase to make the connection.
Enter your passphrase and click the Unlock button.
Once you have entered your passphrase in a terminal session, you do not have to enter it again while this terminal window is open. You can connect and disconnect as many remote sessions as you like without reentering your passphrase.
You can select the check box for the "Automatically unlock this key each time you log in" option, but it will reduce your security. If you leave your computer unattended, anyone can connect to the remote computers that have your public key.
Once you have entered your passphrase, you will be connected to the remote computer.
To verify the process once more, disconnect with the exit command and reconnect to the remote computer from the same terminal window.
exit
ssh dave@sulaco
You are connected to the remote computer without needing a password or passphrase.
No passwords but increased security
Cybersecurity experts talk about a thing called security friction. That's the little pain you have to put up with for additional security. In general, an additional step or two is required to adopt a safer working method. And most people do not like it. They actually prefer lower security and a lack of friction. That's human.
With SSH keys, you get more security and more convenience. This is definitely a win-win situation.