Create and Push SSH Key Only Login
Create the SSH key on your machine.
- Run the following command and note where the key is saved.
ssh-keygen -t ed25519 -C "your_email@example.com"
- Edit the ssh configuration file to automatically use the key during login.
Create or edit the file at:
nano ~/.ssh/config
and paste in the following configuration, with your parameters:
Host SERVERNAME
Hostname ip-or-domain-of-server
User USERNAME
PubkeyAuthentication yes
IdentityFile /path/to/key
Note that IdentityFile must point to your private key, the file that does NOT have .pub appended.
You can add:
IdentitiesOnly yes
to ensure ssh uses the specified IdentityFile and no other key files during authentication. Setting IdentitiesOnly prevents the failed authentications that occur when ssh would otherwise attempt to log in with multiple keys. It is also considered more secure, as you are not leaking information about other keys you have installed, and you maintain separation of your keys between different levels of access.
Pushing the Created Key to the Server
- Use the following line to push the key to the server. It will ask for a key or password to authenticate.
ssh-copy-id -i /path/to/key.pub SERVERNAME
Note that you must push your public key, not your private one.
Configuring Key Only Access
- Log in to your server with your newly created key. Then edit your sshd_config file using:
nano /etc/ssh/sshd_config
- In the file, set the following parameters:
PermitRootLogin prohibit-password
PubkeyAuthentication yes
PasswordAuthentication no
- Press CTRL + X, Y, then ENTER to save.
- Execute the following to restart sshd on the server:
systemctl restart sshd
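Checking the result, as an added example that is not part of the original page: sshd uses the first value it obtains for each keyword, so a PasswordAuthentication yes in a file read before your edit keeps password login enabled. The check_key_only function and both sample inputs are constructed for illustration; the check assumes whitespace-separated "keyword value" lines and upstream OpenSSH defaults.

```shell
#!/bin/sh
# Added example, not from the original page. Reads `sshd -T` output, or config
# text in the order sshd reads it, as whitespace-separated "keyword value" lines.
check_key_only() {
    awk '
        function fail(k) { print "FAIL " k " " v[k]; bad = 1 }
        BEGIN {
            bad = 0
            # Upstream OpenSSH defaults, used when a keyword never appears.
            v["passwordauthentication"] = "yes"
            v["pubkeyauthentication"]   = "yes"
            v["permitrootlogin"]        = "prohibit-password"
        }
        /^[ \t]*(#|$)/ { next }             # skip comments and blank lines
        tolower($1) == "match" { exit }     # only global scope is checked
        {
            k = tolower($1)                 # keywords are case-insensitive
            if ((k in v) && !(k in seen)) { v[k] = $2; seen[k] = 1 }  # first value wins
        }
        END {
            if (v["passwordauthentication"] != "no") fail("passwordauthentication")
            if (v["pubkeyauthentication"] != "yes")  fail("pubkeyauthentication")
            # Some sshd versions print prohibit-password as without-password.
            if (v["permitrootlogin"] == "yes")       fail("permitrootlogin")
            exit bad
        }'
}

# Constructed sample: a file read earlier re-enables passwords.
sample_overridden() {
    cat <<'EOF'
# from an earlier included file (constructed)
PasswordAuthentication yes
# settings from this page
PermitRootLogin prohibit-password
PubkeyAuthentication yes
PasswordAuthentication no
EOF
}

# Constructed sample in `sshd -T` form (lower-case keywords).
sample_good() {
    printf '%s\n' 'permitrootlogin without-password' \
        'pubkeyauthentication yes' 'passwordauthentication no'
}

sample_good | check_key_only && echo "sample_good: key-only login in effect"
sample_overridden | check_key_only || echo "sample_overridden: NOT key-only"
```

On the server, run sshd -T | check_key_only as root after the restart, and keep your current session open until a fresh key-only login succeeds.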