How to Setup SSH Key-based Authentication on Arch Linux

SSH is an open-source and Secure Shell protocol used to connect to a remote Linux server and manage it via the command line. It helps a system and network administrator to manage Linux servers from a remote location. You can also use it to transfer files between multiple Linux servers. You can connect to the removed SSH server using two methods, using password authentication and key-based authentication. Key-based authentication is more secure than a password because only a user with a valid key can log in to Linux.

In this post, we will show you how to install SSH and set up SSH key-based authentication on Arch Linux.

Step 1 – Configure Repository

By default, the default repository is outdated in Arch Linux, so you will need to modify the default mirror list if you have not done so already. You can do it by editing the mirrorlist configuration file:

nano  /etc/pacman.d/mirrorlist

Remove all lines and add the following lines:

## Score: 0.7, United States
Server = http://mirror.us.leaseweb.net/archlinux/$repo/os/$arch
## Score: 0.8, United States
Server = http://lug.mtu.edu/archlinux/$repo/os/$arch
Server = http://mirror.nl.leaseweb.net/archlinux/$repo/os/$arch
## Score: 0.9, United Kingdom
Server = http://mirror.bytemark.co.uk/archlinux/$repo/os/$arch
## Score: 1.5, United Kingdom
Server = http://mirrors.manchester.m247.com/arch-linux/$repo/os/$arch
Server = http://archlinux.dcc.fc.up.pt/$repo/os/$arch
## Score: 6.6, United States
Server = http://mirror.cs.pitt.edu/archlinux/$repo/os/$arch
## Score: 6.7, United States
Server = http://mirrors.acm.wpi.edu/archlinux/$repo/os/$arch
## Score: 6.8, United States
Server = http://ftp.osuosl.org/pub/archlinux/$repo/os/$arch
## Score: 7.1, India
Server = http://mirror.cse.iitk.ac.in/archlinux/$repo/os/$arch
## Score: 10.1, United States
Server = http://mirrors.xmission.com/archlinux/$repo/os/$arch

Save and close the file, then update all the package indexes with the following command:

pacman -Syu

Step 2 – Generate an SSH Key

First, you will need to generate an SSH key pair on the Linux system where you are working.

You can generate it using the following command:

ssh-keygen -t rsa

You will be asked to specify the location to store the key as shown below:

Enter file in which to save the key (/home/user/.ssh/id_rsa): 

Just press Enter and accept the default path. You will be asked to set a passphrase as shown below:

Enter passphrase (empty for no passphrase): 
Enter same passphrase again: 

Just press Enter without providing any passphrase. You should see the following output:

Your identification has been saved in /home/user/.ssh/id_rsa.
Your public key has been saved in /home/user/.ssh/id_rsa.pub.
The key fingerprint is:
ec:50:43:d9:39:64:f8:19:63:18:ab:1c:e4:ea:f5:e7 user@newpc
The key's randomart image is:
+--[ RSA 2048]----+
|      . oBo.     |
|     o .+oB      |
|      o +o =     |
|     o = .o      |
|    . = S        |
|   . . +         |
|    .   o .      |
|         o       |
|          E      |
+-----------------+

Now, verify your SSH key using the following command:

ls -la ~/.ssh/id_*.pub

You should see the following output:

-rw-r--r-- 1 user user 392 Sep  8 14:34 /home/user/.ssh/id_rsa.pub

Step 3 – Copy SSH Public Key to Remote Server

Now, you will need to copy your public key to the remote Linux server. You can do it using the ssh-copy-id command:

ssh-copy-id root@remote-server-ip

You will be asked to provide a root password of a remote server to copy a public key:

root@remote-server-ip's password: 

Number of key(s) added: 1

Now try logging into the machine, with:   "ssh 'root@remote-server-ip'"
and check to make sure that only the key(s) you wanted were added.

Step 4 – Connect Remote Server without Password

At this point, the SSH key is generated and copied to the remote server. You can now connect to the remote server without providing a password:

ssh root@remote-server-ip

Once you are connected, you should see the following output:

Welcome to archlinux (GNU/Linux 5.4.0-29-generic x86_64)

 * Documentation:  https://help.archlinux.com
 * Management:     https://landscape.canonical.com
 * Support:        https://archlinux.com/advantage

Last login: Wed Sep  8 07:50:27 2022 from 10.10.20.203
root@archlinux:~# 

Step 5 – Remove Password-based Authentication

At this, SSH key-based authentication is configured successfully. Now, it is recommended to disable the use of password authentication so that everyone uses only keys to access the server.

On the remote Linux server, edit the SSH main configuration file:

nano /etc/ssh/sshd_config

Uncomment and change the following line:

PasswordAuthentication no

Save and close the file, then restart the SSH service to apply the changes:

systemctl restart ssh

Conclusion

In the above post, we explained how to set up SSH key-based authentication on Arch Linux. You can now implement SSH key-based authentication for each server that you want to manage remotely. You can choose one of our dedicated server hosting from Atlantic.Net! to test the SSH.