How to add public key to your server

Adding a public key to your server is an important step for enhancing security and enabling secure, password-free logins using SSH (Secure Shell).

Major Steps:

1. Generate a Key Pair: Use ssh-keygen to create a new SSH key pair if you don't already have one. This includes both a public and a private key.
2. Locate the Public Key: Use cat ~/.ssh/id_rsa.pub to display your public key. This key needs to be copied to your server.
3. Copy the Public Key to Your Server: Use the ssh-copy-id command or manually append the public key to the ~/.ssh/authorized_keys file on your server.
4. Test Your Connection: Attempt to SSH into your server using ssh your_username@your_server_ip to confirm that you can log in without a password prompt, verifying that the setup was successful.

Here’s a step by step guide on how to do it, explained in simple terms:

Step 1: Generate a Key Pair

If you do not already have an SSH key pair (which consists of a public and a private key), you will need to create one. On your local computer, open a terminal or command prompt and run the following command:

ssh-keygen -t rsa -b 2048

• -t rsa specifies the type of key to create, in this case RSA.
• -b 2048 specifies the key length, with 2048 bits being a good balance of security and performance.

Follow the prompts to specify where to save the key (by default, this is in the .ssh directory under your user directory) and whether to secure the key with a passphrase.

Step 2: Locate the Public Key

Once the key pair is generated, you need to find your public key. It’s usually named id_rsa.pub or similar, located in the .ssh directory. You can display the key with the command:

cat ~/.ssh/id_rsa.pub

This command prints the contents of your public key file. It will look something like this:

How SSH pub key looks like

Step 3: Copy the Public Key to Your Server

To enable authentication with your public key, you need to add it to a special file in the user account you are using on the server. This file is located at ~/.ssh/authorized_keys.

You can copy the public key to your server by using the ssh-copy-id command. Replace your_username@your_server_ip with your actual username and server IP address:

ssh-copy-id your_username@your_server_ip

If ssh-copy-id is not available, you can manually add the key by appending it to the authorized_keys file. You can do this by running:

cat ~/.ssh/id_rsa.pub|ssh your_username@yourserver_ip "mkdir -p ~/.ssh && cat >> ~/.ssh/authorized_keys" 

This command connects to your server, creates the .ssh directory if it doesn’t exist, and appends the public key to the authorized_keys file.

Step 4: Test Your Connection

Finally, test your SSH connection to ensure that the key has been added successfully and you can log in without a password (unless you set a passphrase, which you will need to enter):

ssh your_username@yourserver_ip
Test your SSH connection from terminal

If everything is set up correctly, you should be logged into your server without needing to enter your user password.

Additional Tips

• Permissions: Make sure that the .ssh directory and the authorized_keys file on the server have strict permissions set. This can be done using:

chmod 700 ~/.ssh

chmod 600 ~/.ssh/authorized_keys

• Security: Always keep your private key secure and never share it. Use a strong passphrase for an extra layer of security.

Important Conclusions:

• Security Enhancement: Adding your public key to the server's authorized_keys enables secure, password-less authentication, which is more secure against brute-force attacks than password-based login methods.
• Permissions: Ensure that the .ssh directory and the authorized_keys file on the server have proper permissions set to prevent unauthorized access. This means setting the directory to 700 and the file to 600.
• Private Key Safety: The private key should remain confidential and never be shared. Securing it with a passphrase provides an additional layer of security.
• Convenience and Efficiency: Using SSH keys speeds up the login process and can facilitate automated processes by allowing scripts and programs to securely access the server without manual password entry.

Still have difficulties ? Join our community discord channel, get help and free consultation!

Need a quick help from the Linux expert ?