Access by password authentication

The "easiest" way to connect to an SSH server is ssh johndoe@host. This approach uses password authentication: you are prompted for the password after running the command.

You should avoid this approach for many reasons. See the next section.

Access by key authentication

The preferred way to connect to an SSH machine is to use a key instead of a password. This has many advantages, among others:

  • higher security (harder to crack than a password)
  • more comfort (you don’t need to enter the password every time)
  • prerequisite for automation purposes

Using ssh keys

You can connect to your server in 3 steps, all performed on your client.

Steps

  1. ssh-keygen -t ed25519
  2. ssh-copy-id -i ~/.ssh/id_ed25519.pub johndoe@host
  3. ssh -i ~/.ssh/id_ed25519 johndoe@host

Description of the steps

  1. This will create a public and a private key with ed25519 as the algorithm. The keys are stored in ~/.ssh/ and have the following names:
    • private key: id_ed25519
    • public key: id_ed25519.pub
  2. Copy the public key to the SSH server. The -i option refers to the public key. You need to enter your password when doing this (for the last time).
    NOTE: the private key is secret. Don’t transfer this key to another machine and don’t make it accessible to any other user!
  3. Everything is done and you are able to connect. The -i option refers to the private key.

Additional information

In the above example no explicit name is given when creating the keys, so by default the keys are named after the algorithm used (id_ed25519 and id_ed25519.pub). If you are using these default names, you can simplify the steps by removing the -i options:

  1. ssh-keygen -t ed25519
  2. ssh-copy-id johndoe@host
  3. ssh johndoe@host

This is now much simpler to use than a password. But it is not yet the best experience: there is one more step to get the easiest connection mechanism, which is to provide a config. See the next section.

Using a config

To get the best experience you can define a ~/.ssh/config file. This allows us to define all the necessary connection information for a specific host under an alias.

  1. Create the file ~/.ssh/config.
  2. Run chmod 600 ~/.ssh/config to make the file only readable and writeable by the current user and not accessible by others.
  3. Insert the following section into ~/.ssh/config:
Host myhost
    HostName host
    User johndoe
    IdentityFile ~/.ssh/id_ed25519

Now you can connect to the host by simply running

ssh myhost

NOTE: You are able to insert many sections into the config file.
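
The two permission requirements above (a private key that no other user can access, and a config at mode 600) can be checked with a short script. This is an added example, not part of the original post: the function names group_other_bits, identity_files and audit_ssh_dir are hypothetical, and the demo directory and key content are constructed.

```shell
#!/bin/sh
# Added example: flag SSH client files that users other than the owner can access.

# Print the group/other permission characters of a file, e.g. "------" or "r--r--".
group_other_bits() {
    ls -ld -- "$1" | cut -c5-10
}

# Print each IdentityFile path from an ssh config, expanding a leading "~".
# Simplification: handles the "IdentityFile <path>" form used on this page only.
identity_files() {
    awk 'tolower($1) == "identityfile" { print $2 }' "$1" | sed "s|^~|$HOME|"
}

# Check the config, every IdentityFile it names, and every private key that has
# a matching .pub file. Prints "INSECURE <path> <bits>" per finding; returns 1
# if anything was found, 0 otherwise.
audit_ssh_dir() {
    dir=$1
    findings=$(
        {
            if [ -f "$dir/config" ]; then
                echo "$dir/config"
                identity_files "$dir/config"
            fi
            for pub in "$dir"/*.pub; do
                if [ -f "${pub%.pub}" ]; then echo "${pub%.pub}"; fi
            done
        } | sort -u | while IFS= read -r f; do
            [ -f "$f" ] || continue
            bits=$(group_other_bits "$f")
            [ "$bits" = "------" ] || echo "INSECURE $f $bits"
        done
    )
    [ -z "$findings" ] && return 0
    printf '%s\n' "$findings"
    return 1
}

# Constructed demo: a throwaway directory laid out like ~/.ssh on this page.
demo=$(mktemp -d)
printf 'Host myhost\n    HostName host\n    User johndoe\n    IdentityFile %s/id_ed25519\n' "$demo" > "$demo/config"
echo 'constructed placeholder, not a real key' > "$demo/id_ed25519"
: > "$demo/id_ed25519.pub"
chmod 644 "$demo/config" "$demo/id_ed25519"   # weak: readable by every user
audit_ssh_dir "$demo" || echo "-> fix with chmod 600"
chmod 600 "$demo/config" "$demo/id_ed25519"   # owner-only, as required for the config
audit_ssh_dir "$demo" && echo "OK: owner-only"
rm -rf "$demo"
```

To check a real client, run audit_ssh_dir ~/.ssh; public keys (*.pub) are deliberately not checked, since they are not secret.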

For more information, also have a look here.
