Enabling key-based (SSH key-based) login within a Linux system involves setting up public-key authentication for SSH, which enhances security and eliminates the need for passwords. Here's a step-by-step guide to achieve this:
1. **Generate SSH Key Pair (if not already done):**
If you don't have an SSH key pair, you can generate one using the following command on your local machine:
ssh-keygen -t rsa -b 4096 -C "your_email@example.com"
Replace `"your_email@example.com"` with your actual email address.
2. **Copy Public Key to Remote Server:**
After generating the SSH key pair, copy the public key (`id_rsa.pub`) to the remote Linux server using the `ssh-copy-id` command or by manually appending it to the `~/.ssh/authorized_keys` file on the server.
Using `ssh-copy-id`:
ssh-copy-id username@remote_server_ip
Alternatively, you can manually copy the public key and append it to `~/.ssh/authorized_keys` on the remote server.
3. **Modify SSH Configuration (Optional, but Recommended):**
Open the SSH configuration file on the remote server using a text editor (e.g., `nano`, `vim`, or `gedit`):
sudo nano /etc/ssh/sshd_config
Find and modify the following settings:
- Ensure `PubkeyAuthentication` is set to `yes`.
- Optionally, set `PasswordAuthentication` to `no` if you want to disable password-based login.
Save the file and exit the text editor.
4. **Reload SSH Service:**
To apply the changes, reload the SSH service on the remote server:
sudo systemctl reload sshd
5. **Test Key-Based Login:**
Now, attempt to log in to the remote server using your SSH key:
ssh username@remote_server_ip
You should be able to log in without entering a password, as long as your private key is correctly loaded in your local SSH agent.
6. **Disable Password Login (Optional, but Recommended):**
If you're confident that key-based authentication is working correctly, you can disable password-based authentication for added security. Remember, though, that doing so requires you to ensure you have a working key-based login before disabling password login.
In the SSH configuration file (`/etc/ssh/sshd_config`), set `PasswordAuthentication` to `no`:
PasswordAuthentication no
Then, reload the SSH service:
sudo systemctl reload sshd
That's it! You've successfully enabled key-based login within your Linux system. Always make sure to keep your private key secure and follow best practices for managing SSH keys.
