SSH Public Key Authentication

Let’s be real, your password is probably bluecat69 or something similar. I don’t blame you. It’s tough having to remember 100+ passwords and it’s so much easier to use that same easy-to-remember password for all of your accounts. You should consider a password manager like 1Password or LastPass, but that’s a story for another blog. Today we’re talking about your weak SSH password that can easily be brute forced. What if I told you that you could use a strong password that you don’t need to memorize, and that you can connect to your server using SSH without having to enter that complex password?

Update your Password

Update your weak SSH user’s password immediately. Use a strong password generator to generate a password for this user.

Generating a Key Pair (Public and Private)

Now that your password is strong, let's generate a public and private key pair on each device you'll be connecting to your server from. I'll be connecting from a Raspberry Pi, so on the Pi run:

ssh-keygen

We'll then be asked where to save the key files. On a Raspberry Pi the default location is:

/home/pi/.ssh/id_rsa

This saves your SSH key pair in the .ssh directory inside your user's home directory: id_rsa is the private key, which stays on the client, and id_rsa.pub is the public key. You can now copy the contents of the .ssh/id_rsa.pub file to your clipboard.

Adding the Key Pair to the Server

With the public key copied, connect to your server and create a .ssh directory in the user's home directory (if it doesn't already exist). Navigate into the .ssh directory and create a file named authorized_keys. Paste the public key from your client device into the authorized_keys file, then save and close the file. You should now be able to connect to your server without typing a password, while the account still has a complex password.
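The two steps above (generate a key pair on the client, install the public key on the server) as an added, scripted example; this is not code from the original post. It assumes OpenSSH's ssh-keygen is installed, uses placeholder directories instead of real home directories, and adds the one check the manual procedure leaves out: sshd (with its default StrictModes) ignores authorized_keys if ~/.ssh is not mode 700 or the file is not mode 600, which is the usual reason "I pasted the key but it still asks for a password".

```shell
#!/bin/sh
# Added example, not from the original post. Paths and the sample key below are constructed.

# Client side: generate an RSA key pair non-interactively. The post uses the default
# ~/.ssh/id_rsa; -N '' skips the passphrase prompt and -q suppresses the banner.
generate_client_key() {
    keyfile="$1"
    mkdir -p "$(dirname "$keyfile")"
    chmod 700 "$(dirname "$keyfile")"
    ssh-keygen -t rsa -b 4096 -f "$keyfile" -N '' -C "pi@raspberrypi" -q
}

# Server side: append one public key line to $home/.ssh/authorized_keys, as the post
# describes doing by hand, but with the permissions sshd requires (700 on ~/.ssh,
# 600 on authorized_keys). Idempotent: a key already present is not appended twice.
install_authorized_key() {
    home="$1"
    pubkey="$2"
    sshdir="$home/.ssh"
    authfile="$sshdir/authorized_keys"
    mkdir -p "$sshdir"
    chmod 700 "$sshdir"
    touch "$authfile"
    chmod 600 "$authfile"
    if ! grep -qxF "$pubkey" "$authfile"; then
        printf '%s\n' "$pubkey" >> "$authfile"
    fi
}

# Verify the server-side layout: returns 0 when the key is present and the modes are
# exactly what sshd's StrictModes check expects, 1 otherwise. Uses find -perm for
# portability (GNU stat -c and BSD stat -f differ).
check_authorized_key() {
    home="$1"
    pubkey="$2"
    sshdir="$home/.ssh"
    authfile="$sshdir/authorized_keys"
    [ -n "$(find "$sshdir" -prune -perm 700 2>/dev/null)" ] || return 1
    [ -n "$(find "$authfile" -prune -perm 600 2>/dev/null)" ] || return 1
    grep -qxF "$pubkey" "$authfile" || return 1
    return 0
}

# Walk-through using two temporary directories standing in for the client and server
# home directories. If ssh-keygen is missing, a constructed (non-functional) key line
# is used so the permission logic can still be exercised.
demo() {
    client=$(mktemp -d)
    server=$(mktemp -d)
    if command -v ssh-keygen >/dev/null 2>&1; then
        generate_client_key "$client/.ssh/id_rsa"
        pub=$(cat "$client/.ssh/id_rsa.pub")
    else
        pub="ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDEXAMPLEKEYNOTREAL pi@raspberrypi"
    fi
    install_authorized_key "$server" "$pub"
    if check_authorized_key "$server" "$pub"; then
        echo "public key installed in $server/.ssh/authorized_keys with correct permissions"
    else
        echo "authorized_keys layout is wrong; sshd would ignore this key" >&2
    fi
    rm -rf "$client" "$server"
}

demo
```

In practice `install_authorized_key` is what `ssh-copy-id` does for you over an existing password login; the point of the explicit version is to make the 700/600 requirement visible, since a `chmod 644 authorized_keys` (or a group-writable home directory) silently falls back to password prompts.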