1. Introduction
Traditional password-based SSH login has security limitations: even a strong password (mixing upper-case and lower-case letters, numbers, and special characters) remains vulnerable to brute-force attacks, especially if the same password is reused across multiple remote hosts.
By contrast, SSH public‑key authentication is a more secure, robust method. It uses asymmetric cryptography: you generate a key‑pair (a private key kept on your local machine, and a public key which you store on the remote system).
Key facts
- The private key must be secured and never shared.
- The public key can safely be placed on remote systems you want to access.
- When you attempt to connect, the SSH server verifies you hold the private key corresponding to the public key stored there.
- As a result, you can disable password login, reducing attack surface.
Prerequisites:
- The remote system must have an SSH server installed (e.g., OpenSSH).
- Your local computer must also support SSH.
2. Setting up Public Key Authentication on Linux or macOS
Here are the detailed steps to enable SSH public‑key authentication from a Linux or macOS machine to a remote host.
Step 1: Generate a key pair
On your local machine, open a terminal and run a key generation command. The example uses DSA (though in practice you might prefer stronger key types like RSA with larger bit length or Ed25519).
ssh-keygen -t dsa
You’ll see prompts like:
Generating public/private dsa key pair.
Enter file in which to save the key (/home/kodehelp/.ssh/id_dsa):
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /home/kodehelp/.ssh/id_dsa.
Your public key has been saved in /home/kodehelp/.ssh/id_dsa.pub.
The key fingerprint is: …
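The public key file written above (id_dsa.pub) holds one line of the form "<type> <base64> [comment]", and the SHA256 fingerprint that current ssh-keygen versions print is a hash of the decoded base64 blob. As an added example (not part of the original tutorial), the Python below parses such a line before it is copied to a remote host: it checks that the declared type matches the type stored inside the blob, computes the fingerprint, and flags the DSA type ssh-dss that the text above suggests replacing. The function names and both sample lines are constructed for illustration; the key bytes are placeholders, not real keys.

```python
import base64
import hashlib
import struct

# Key types to flag; ssh-dss is what `ssh-keygen -t dsa` writes into the .pub file.
WEAK_TYPES = {"ssh-dss"}

def read_string(blob, offset):
    """Read one SSH wire-format string: 4-byte big-endian length, then data."""
    if offset + 4 > len(blob):
        raise ValueError("truncated length field")
    (length,) = struct.unpack(">I", blob[offset:offset + 4])
    end = offset + 4 + length
    if end > len(blob):
        raise ValueError("truncated field")
    return blob[offset + 4:end], end

def inspect_public_key(line):
    """Parse a '<type> <base64> [comment]' line as stored in id_*.pub files."""
    parts = line.strip().split(None, 2)
    if len(parts) < 2:
        raise ValueError("expected '<type> <base64> [comment]'")
    declared, b64 = parts[0], parts[1]
    blob = base64.b64decode(b64, validate=True)  # raises ValueError on bad input
    inner, _ = read_string(blob, 0)              # first field names the key type
    if inner.decode("ascii", "replace") != declared:
        raise ValueError("declared type does not match key blob")
    digest = hashlib.sha256(blob).digest()
    fingerprint = "SHA256:" + base64.b64encode(digest).decode().rstrip("=")
    return {"type": declared, "weak": declared in WEAK_TYPES,
            "comment": parts[2] if len(parts) > 2 else "",
            "fingerprint": fingerprint}

def make_line(key_type, fields, comment):
    """Build a constructed, non-functional public key line for the demo."""
    blob = b"".join(struct.pack(">I", len(f)) + f
                    for f in [key_type.encode()] + fields)
    return f"{key_type} {base64.b64encode(blob).decode()} {comment}"

# Constructed sample input: placeholder bytes, not real key material.
ED25519_LINE = make_line("ssh-ed25519", [bytes(range(32))], "kodehelp@example")
DSA_LINE = make_line("ssh-dss", [b"\x01" * 8] * 4, "kodehelp@example")

if __name__ == "__main__":
    for sample in (ED25519_LINE, DSA_LINE):
        print(inspect_public_key(sample))
```

Comparing the computed fingerprint with the one ssh-keygen printed at generation time confirms that the line being installed on the server is the key you generated and was not altered in transit.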