Skip to main content

Configuring Key-Based Authentication

Hands-On Lab

 

Photo of

Training Architect

Length

00:45:00

Difficulty

Intermediate

A strong password is typically composed of upper-case and lower-case letters, numbers, and special characters. You can even create a 20-character password and, in all likelihood, nobody will ever guess it. But do you really want to type in a 20-character password every time you need to access the server? Maybe you might, but most people really do not want to. Therefore, in this lab, we will configure SSH key-based authentication, which is far more secure and you do not have to type in any passwords when you log in to the server. Furthermore, when key-based authentication is configured, most people forget to disable password-based authentication altogether. We will not forget to do this. Finally, we will also disable root-based login as an extra security precaution.

What are Hands-On Labs?

Hands-On Labs are scenario-based learning environments where learners can practice without consequences. Don't compromise a system or waste money on expensive downloads. Practice real-world skills without the real-world risk, no assembly required.

Configuring Key-Based Authentication

Introduction

In this hands-on lab, we will configure SSH key-based authentication and disable password-based authentication as well as root-based login.

Solution

Using a Linux machine, one of our Cloud Playground instances, or our Instant Terminal feature, log in to the lab server via SSH using the credentials provided:

ssh cloud_user@<Server_IP_Address>

Generate a Key Pair on the Client for SSH

  1. In the terminal, enter:

    ssh-keygen
  2. Provide a path and name.
  3. Press Enter to leave the passphrase empty.

Copy the Newly Created Key Over to the Server

  1. Open your newly created key (replace <PATH_TO_PUBLIC_KEY> with your path):

    vim <PATH_TO_PUBLIC_KEY>
  2. Select all and copy.

  3. Open /home/cloud_user/.ssh/authorized_keys:

    vim /home/cloud_user/.ssh/authorized_keys
  4. Paste in the public key.

  5. Save and quit:

    ESC
    :wq
    ENTER

Configure SSH to Not Allow Root Login or Password-Based Authentication and to Allow Key-Based Authentication

  1. Open the file:

    sudo vim /etc/ssh/sshd_config
  2. Make the following changes:

    PermitRootLogin no
    PasswordAuthentication no
    ChallengeResponseAuthentication no
    PubkeyAuthentication yes
  3. Save and quit:

    ESC
    :wq
    ENTER
  4. Restart the sshd service:

    sudo systemctl restart sshd

Test the New Configuration by Logging Out and Back in with the Newly Created Key

  1. Log out:

    exit
  2. Log in with the newly created key (replace <PATH_TO_PRIVATE_KEY> with your path):

    ssh cloud_user@SERVER_IP -p 61613 -i <PATH_TO_PRIVATE_KEY>

Conclusion

Congratulations on successfully completing this hands-on lab!