RSA keys not only provide more robust authentication than passwords (a password can be broken with time, luck and/or a hypothetical hammer) but can also make life a lot easier by removing the need to type a password on every login. This, obviously, assumes that the client computer won’t fall into the wrong hands.
This guide will run through the process of generating a client RSA key set, adding the public key to your Linux server and finally removing the ability to log in with a password. This will be demonstrated through the CLI.
From your client computer, generate RSA keys
ssh-keygen -t rsa
Enter file in which to save the key. I chose the default.
You will be prompted for a passphrase. I chose to not use a password.
Enter passphrase (empty for no passphrase):
Show the public key that has just been generated
Copy this key
Log in to your server in the normal way
ssh [email protected]
Create an ssh directory in your home location
Create a file for authorised keys
Paste your key in this file. Press ctrl + x to save.
Optional: Remove ability to log in with a password
Assume root privileges
Open the ssh config file in an editor
Find the following line
Change it to
ctrl + x to save and exit
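An added example, not part of the original guide: the server-side steps above as two shell functions that set the file permissions sshd expects and refuse to turn off password login until a key is installed. The function names and the .bak backup are this example's own, and it assumes the line being changed is OpenSSH's PasswordAuthentication directive, which the guide's text does not show.

```shell
#!/usr/bin/env bash
# Added example, not from the original guide. Every path is a parameter so the
# functions can be tried on a scratch directory first.

# install_pubkey HOME_DIR 'PUBLIC KEY LINE'
# Creates HOME_DIR/.ssh (0700) and authorized_keys (0600), and appends the key
# only if that exact line is not already present.
install_pubkey() {
    local ssh_dir="$1/.ssh" key="$2"
    local auth="$ssh_dir/authorized_keys"
    local nl='
'
    # Accept one public-key line only; a pasted private key ("-----BEGIN ...")
    # or multi-line input is refused.
    case $key in
        *"$nl"*) echo "key must be a single line" >&2; return 1 ;;
        ssh-rsa\ *|ssh-ed25519\ *|ecdsa-sha2-*\ *) ;;
        *) echo "not a public key line" >&2; return 1 ;;
    esac
    mkdir -p "$ssh_dir" && chmod 700 "$ssh_dir" || return 1
    touch "$auth" && chmod 600 "$auth" || return 1
    grep -qxF -- "$key" "$auth" || printf '%s\n' "$key" >> "$auth"
}

# disable_password_auth SSHD_CONFIG AUTHORIZED_KEYS
# Assumption: the line the guide edits is OpenSSH's PasswordAuthentication
# directive. sshd uses the first value it reads for a keyword, so the setting
# is written as line 1 and any later active occurrence is commented out.
disable_password_auth() {
    local cfg="$1" auth="$2"
    # Lockout guard: refuse unless at least one key is already installed.
    grep -qE '^(ssh-|ecdsa-)' "$auth" 2>/dev/null || {
        echo "no key in $auth, leaving password login enabled" >&2; return 1; }
    # Already done on a previous run: leave the file alone.
    [ "$(head -n 1 "$cfg")" = "PasswordAuthentication no" ] && return 0
    cp -p "$cfg" "$cfg.bak" || return 1
    awk 'BEGIN { print "PasswordAuthentication no" }
         { k = $1; sub(/=.*/, "", k) }
         tolower(k) == "passwordauthentication" { print "#" $0; next }
         { print }' "$cfg.bak" > "$cfg"
}
```

On a real server, check the edited file with `sshd -t` before reloading sshd, and keep your current session open until a key-based login from a second terminal has succeeded.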
Optional: Change RSA passphrase
On the client computer type
You will be asked for the current and new password
All done! Now you can log in without a password!