Back in November, I took a quick look at how to set up secure remote login with SSH.
It's really simple to login with your username/password combination on the remote machine, but sometimes it can be a better idea to use key-based authentication.
Key-based authentication is where instead of authenticating that you are you with the remote machine credentials, you use a cryptographic key pair. I won't go into all the gory details, but it's all done with industry-standard public/private key authentication.
This tutorial assumes you're using a Unix-like operating system on both the local and remote machines which both run OpenSSH. First, on your local machine, fire up a terminal and enter the following:
$ ssh-keygen -t rsa
Accept the default for the location by pressing Enter. Now you'll be asked for a passphrase. This provides extra protection - even if someone gets hold of your private key, they won't be able to login without the passphrase. Likewise, if someone somehow gets your passphrase, it's useless without the private key. It's kind of a dual-lock system.
You can leave it blank, which will mean you won't have to enter anything to log in over SSH, but you will lose the extra protection. It's up to you. I personally choose to leave it on and think of a good, strong password.
Once you've entered and confirmed that, you'll get a message about your key fingerprint.
The final step is to add your public key to the list of allowed keys to login on the remote machine.
Login with your username/password as normal. In your home folder, open up the file authorized_keys in the .ssh folder (yep, that's a hidden folder). If the folder or file don't exist, just create them.
Paste the contents of the file ~/.ssh/id_rsa.pub on your local machine onto the end of the authorized_keys file on the remote machine and save that file.
Log out and log back in to your remote server. You should be asked for your passphrase if you set one (instead of the password for the remote account). If not, you should dive straight in.
Easy!
