SSH is a secure shell protocol that provides secure login from one machine to another. Linux system administrators use it to manage and control remote servers via the command line.
Public Key Authentication is a secure method to connect to remote SSH servers using a cryptographic key pair instead of a password. Because there is no password to guess, it helps prevent brute-force attacks. It also helps the system administrator log in to many accounts without managing many different passwords.
This post will show you how to set up SSH public key authentication on Fedora.
Step 1 – Generate an SSH Public Key
First, you must generate an SSH key pair on your local system to authenticate to your remote server. Run the following command on your local Linux system to generate an SSH key pair.
ssh-keygen -t rsa
You will be asked to define a location to save the key pair.
Generating public/private rsa key pair.
Enter file in which to save the key (/home/vyom/.ssh/id_rsa):
/home/vyom/.ssh/id_rsa already exists.
Overwrite (y/n)? y
Press the Enter key to save the key at the default location. If a key pair already exists there, type y to overwrite it; the old private key is replaced, so you lose access to any server that only has the old public key. You will then be asked to set a passphrase for the key pair.
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Press Enter at both prompts to continue without a passphrase. You should see the following output.
Your identification has been saved in /home/vyom/.ssh/id_rsa
Your public key has been saved in /home/vyom/.ssh/id_rsa.pub
The key fingerprint is:
SHA256:i0kzweXQHdq6SjAGbvdroC8Nn601rfsEp/OnATLedJI vyom@ubuntupc
The key's randomart image is:
+---[RSA 3072]----+
| ...... |
| . +.o. |
| . o o . |
| . . o . |
| o B E S |
| ..+.X & o |
| =.+@ * |
| o +ooO .. |
| ooo=o+o |
+----[SHA256]-----+
The above command saves the private key at /home/vyom/.ssh/id_rsa and the public key at /home/vyom/.ssh/id_rsa.pub.
Step 2 – Copy SSH Key to Remote Server
Next, you must copy your generated public key to the remote server. There are many ways to copy an SSH key to the remote server.
Copy SSH Key Using ssh-copy-id
You can copy an SSH public key to the remote server using the ssh-copy-id command.
ssh-copy-id root@ssh-server
You will be asked to provide the root password of the remote machine to copy the public key.
[email protected]'s password:

Number of key(s) added: 2

Now try logging into the machine, with: "ssh '[email protected]'"
and check to make sure that only the key(s) you wanted were added.
Copy SSH Key Using SSH
You can also use the ssh and cat commands to copy the public key to the remote server.
cat ~/.ssh/id_rsa.pub | ssh root@ssh-server "mkdir -p ~/.ssh && cat >> ~/.ssh/authorized_keys"
Copy SSH Key Manually
If you have not accessed the remote server via SSH, you can copy the content of the id_rsa.pub file to the ~/.ssh/authorized_keys file on a remote server.
First, run the cat command on your local system to display the content of the id_rsa.pub file.
cat ~/.ssh/id_rsa.pub
Output.
ssh-rsa <public key data> vyom@ubuntupc
Next, copy the above content, then log in to your remote server and create a .ssh directory:
mkdir -p ~/.ssh
Next, create an authorized_keys file.
nano ~/.ssh/authorized_keys
Paste the content of the id_rsa.pub file.
ssh-rsa <public key data> vyom@ubuntupc
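The manual steps above, as an added example that is not part of the original tutorial: a shell function, run on the remote server, that appends the public key only if it is not already present and restricts ~/.ssh and authorized_keys to their owner. The name install_pubkey and the path of the uploaded key file are assumptions.

```shell
#!/bin/sh
# Added example: repeatable version of the manual authorized_keys step.
# install_pubkey is a hypothetical helper name, not an OpenSSH command.

# install_pubkey PUBKEY_FILE [HOME_DIR]
# Returns 0 if the key is present afterwards, 1 on bad input.
install_pubkey() {
    pub=$1
    home=${2:-$HOME}
    [ -r "$pub" ] || { echo "cannot read $pub" >&2; return 1; }

    # Take the first non-empty line; a public key file is a single line.
    key=$(sed -n '/[^[:space:]]/{p;q;}' "$pub")

    # Accept only "<type> <base64> [comment]" for the common key types.
    # This also rejects a private key pasted by mistake ("-----BEGIN ...").
    case $key in
        ssh-rsa\ *|ssh-ed25519\ *|ecdsa-sha2-nistp*\ *) ;;
        *) echo "$pub does not look like an OpenSSH public key" >&2; return 1 ;;
    esac

    dir=$home/.ssh
    auth=$dir/authorized_keys

    # Create with owner-only permissions, and tighten existing ones.
    ( umask 077; mkdir -p "$dir"; touch "$auth" ) || return 1
    chmod 700 "$dir" && chmod 600 "$auth" || return 1

    # Append only if this exact line is not already there.
    if ! grep -qxF -- "$key" "$auth"; then
        # Make sure the last existing line ends with a newline first.
        [ -s "$auth" ] && [ -n "$(tail -c 1 "$auth")" ] && echo >> "$auth"
        printf '%s\n' "$key" >> "$auth"
    fi
}

# Usage on the remote server (the file path is an assumption):
#   install_pubkey /tmp/id_rsa.pub
```

Running it a second time with the same key leaves authorized_keys unchanged, so it is safe to repeat.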
Next, edit the SSH configuration file on the remote machine and disable the password-based authentication.
nano /etc/ssh/sshd_config
Find the PasswordAuthentication line and change it to the following:
PasswordAuthentication no
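Save and close the file, then restart the SSH service to apply the changes. Keep your current session open until you have confirmed in Step 3 that key-based login works, so a mistake does not lock you out.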
systemctl restart sshd
Step 3 – Verify Remote Server Login Using SSH Key
At this point, SSH public key authentication is set up between your local and remote systems. Now it’s time to log in to the remote server using the SSH key.
Run the following command on your local system to connect to the remote server.
ssh root@ssh-server-ip
If everything is fine, you will get into the remote server, as shown below.
Last login: Sun May 7 03:20:15 2023 from 49.34.56.34
[root@fedora ~]#
Conclusion
In this post, we explained how to set up SSH key-based authentication on a Fedora server. You can now use SSH key-based authentication from your local system to manage multiple servers via SSH. You can now try to set up SSH key-based authentication on VPS hosting from Atlantic.Net!