Creating & Copying SSH Keys For Access With Linux Systems


Prerequisites 

To complete this guide you need at least two Linux hosts, most likely a VPS/server and an end user machine. Both hosts should be running a Linux distribution, as the title suggests, and you need existing password-based SSH access to the VPS/server to begin with. SSH must also be installed and running as a service on both systems for this to succeed.

Hoverdata provide several packages with different payment plans for those looking into server hosting for a shared host, VPS, or dedicated server.

Introduction

SSH keys let you use a key pair to gain access to a trusted server, removing the need for a text-based password that can be guessed or brute-forced. The public key is placed on the server, while the matching private key stays on the client. In this guide the key pair uses the RSA algorithm. Not only is this more secure, but in many cases it is also a more convenient way for regular users to quickly authenticate themselves on the host.

Read on to discover how to set one up.

Step 1 — Create RSA Key Pair On Client

Creating access through this method begins by generating the key pair that we’ll use for authentication. We can do this with the inbuilt program “ssh-keygen”.

Run it on your client machine’s Linux command line shell as you would any other integrated program:

You can specify the size of the RSA key to generate, but the default value will suffice for normal everyday use.

Enter file in which to save the key (/home/linux-username/.ssh/id_rsa):

When prompted, press ENTER to accept the default storage location for the key(s) in your user home directory.


Step 2 — Passphrase (Optional)

Enter passphrase (empty for no passphrase):

A second prompt asks you to provide a pass-phrase for this key as an extra layer of security. This pass-phrase is requested at the beginning of every session in which the key is used to access the remote server.

As the step name indicates, you can skip this and not supply a pass-phrase, meaning you won’t have to use one for this key. Bear in mind that a key without a pass-phrase can be used by anyone who obtains a copy of the private key file. Simply press ENTER to skip this and move on, or provide a phrase that you’ll remember and that adheres to a sensible password policy.


Step 3 — Transfer Public Key To VPS/Server

For this post we’ll use the most straightforward method of transferring the public key to a remote host. Bear in mind that there are other means of carrying out the transfer if this method is not possible.

The method we’ll use is to run the ssh-copy-id program on the client’s command line (not on the remote server). To reiterate, you should already have this as part of the SSH set of tools installed on your Linux client machine.

To begin the process of copying the public key across, pass the name of the Linux account on the remote server you will use to log in, followed by @ and then the remote VPS/server IP address (or domain name instead if this is set up).

An example of this is shown below; alter it to your details and then run the command on your client.

Assuming the host is online and accessible, enter “yes” to continue on from the message that states “are you sure you want to continue connecting?”.


Step 4 — Validate & Link Key

After some processing and additional output you must provide the password for the remote Linux user account you used to connect in the previous step (step 3). In my example it was “user_name”, so I would enter that account’s password.

Do this and then you’re nearly all finished.


Step 5 — Reconnect To VPS/Server

From here on out, every time you connect to the remote server from the client you’ll be logged in through the key and won’t have to provide a password as before. Those who did not skip step 2 do have to enter their pass-phrase here to unlock the key for the current session.
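The five steps above as client commands, together with a manual form of step 3 for hosts where ssh-copy-id cannot be used. This is an added example and not part of the original guide; 203.0.113.10 is a constructed placeholder address and install_pubkey is a hypothetical helper name.

```shell
#!/bin/sh
# Steps 1-5 on the client (user_name as in the guide; 203.0.113.10 is a
# constructed placeholder address):
#   ssh-keygen -t rsa                    # steps 1-2: path and pass-phrase prompts
#   ssh-copy-id user_name@203.0.113.10   # steps 3-4: asks for the account password
#   ssh user_name@203.0.113.10           # step 5: logs in with the key
#
# install_pubkey PUBKEY_FILE [HOME_DIR]  (hypothetical helper, not an OpenSSH tool)
# Manual form of step 3, run on the server as the target account after the
# .pub file has been copied there: append the key once, with strict modes.
install_pubkey() {
    pub_file=$1
    home_dir=${2:-$HOME}
    ssh_dir=$home_dir/.ssh
    auth=$ssh_dir/authorized_keys

    [ -r "$pub_file" ] || { echo "cannot read $pub_file" >&2; return 1; }

    # Catch the common mistake of copying id_rsa instead of id_rsa.pub.
    if grep -q 'PRIVATE KEY' "$pub_file"; then
        echo "refusing: $pub_file holds a private key" >&2
        return 2
    fi

    # Accept only a line shaped like "<key type> <base64 blob> [comment]".
    key_line=$(grep -E '^(ssh-rsa|ssh-ed25519|ecdsa-sha2-[a-z0-9]+) [A-Za-z0-9+/=]+( |$)' \
        "$pub_file" | head -n 1)
    [ -n "$key_line" ] || { echo "no public key in $pub_file" >&2; return 3; }

    # sshd's StrictModes (on by default) checks ownership and modes of the
    # user's files before accepting keys, so keep these owner-only.
    mkdir -p "$ssh_dir" && chmod 700 "$ssh_dir" || return 4
    touch "$auth" && chmod 600 "$auth" || return 4

    # Append only if this exact line is not already present.
    if ! grep -qxF -e "$key_line" "$auth"; then
        printf '%s\n' "$key_line" >> "$auth"
    fi
}
```

On the server this would be called as install_pubkey id_rsa.pub, after which the step 5 login should no longer ask for the account password.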


Conclusion

Provided you understand this process and have gone ahead and set up the access keys needed elsewhere, you can go a step further and research how to disable text-based password authentication for the root user of the server (once the root or sudo-enabled account has an SSH key).

This helps stop malicious third parties from forcing their way into your VPS, and is recommended but not strictly necessary.

Thanks for reading, ask any questions or queries in the comments.
