calendar Jan 1, 0001 · 2 min read  ·
Share on: linkedin copy

Create an Authentication Key-pair

https://www.linode.com/docs/guides/securing-your-server/

Caution
If you’ve already created an RSA key-pair, this command will overwrite it,
potentially locking you out of other systems. If you’ve already created a key-pair,
skip this step. To check for existing keys, run ls ~/.ssh/id_rsa*.

1ssh-keygen -b 4096

Press Enter to use the default names id_rsa and id_rsa.pub before entering your passphrase. On Linux and OS X, these files will be saved in the /home/your_username/.ssh directory. On Windows, they will be saved in C:\Users\MyUserName.ssh

 1
 2ericcallanan@The-Big-Guy ~ % ssh-keygen -b 4096
 3Generating public/private rsa key pair.
 4Enter file in which to save the key (/Users/ericcallanan/.ssh/id_rsa): 
 5Created directory '/Users/ericcallanan/.ssh'.
 6Enter passphrase (empty for no passphrase): 
 7Enter same passphrase again: 
 8Your identification has been saved in /Users/ericcallanan/.ssh/id_rsa
 9Your public key has been saved in /Users/ericcallanan/.ssh/id_rsa.pub
10The key fingerprint is:
11SHA256:muhuZslC9RjnvzdZnTtYWhEC8rKtWTnAdgGwsjauNPg ericcallanan@The-Big-Guy.local
12The key's randomart image is:
13+---[RSA 4096]----+
14|      ..o.o.     |
15|       o o .. .  |
16|    . . = o  . . |
17|    oo.. * .  .  |
18|   .+*  S =  . o |
19| ..o.ooo + .. =  |
20|..o.o.o.o  o = . |
21| o.+*   . + o o  |
22|  E*o   .o .   . |
23+----[SHA256]-----+

1ericcallanan@The-Big-Guy ~ % ls ~/.ssh         
2id_rsa		id_rsa.pub

On Linode

On your Linode (while signed in as your limited user):

1mkdir -p ~/.ssh && sudo chmod -R 700 ~/.ssh/

From your local computer:

1scp ~/.ssh/id_rsa.pub expanse@80.85.87.102:~/.ssh/authorized_keys

 1
 2ericcallanan@The-Big-Guy ~ % scp ~/.ssh/id_rsa.pub expanse@80.85.87.102:~/.ssh/authorized_keys
 3
 4The authenticity of host '80.85.87.102 (80.85.87.102)' can't be established.
 5ED25519 key fingerprint is SHA256:Du1/UmBIx2j+oFHhtqsiNR9AePc9eud0yyt+HAMrbnA.
 6This key is not known by any other names
 7Are you sure you want to continue connecting (yes/no/[fingerprint])? yes
 8Warning: Permanently added '80.85.87.102' (ED25519) to the list of known hosts.
 9expanse@80.85.87.102's password: 
10id_rsa.pub

Disable password login

On Linode

 1sudo nano /etc/ssh/sshd_config
 2[sudo] password for expanse: 
 3
 4
 5-----------
 6PermitRootLogin no
 7
 8
 9
10# To disable tunneled clear text passwords, change to no here!
11PasswordAuthentication no
12
13

Restart the SSH service to load the new configuration.

1sudo systemctl restart sshd