Have you ever wondered how you can connect to a remote server without typing a password? This is the tutorial for you. It is important to limit your server access to key-based authentication, because in the event of a hack attempt the attacker can't simply brute-force your server with a password list. SSH key authentication lets you limit access to your server to only those that were previously whitelisted.
Create a new SSH key
If you already have an SSH key or are familiar with how this works, you may skip this part. Otherwise, first generate a new SSH key with the following command:
ssh-keygen -t rsa
You'll see the following:
$ ssh-keygen -t rsa
Generating public/private rsa key pair.
Enter file in which to save the key (/home/yongzhi/.ssh/id_rsa):
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /home/yongzhi/.ssh/id_rsa.
Your public key has been saved in /home/yongzhi/.ssh/id_rsa.pub.
The key fingerprint is:
SHA256:I0Un0smhbThMdDUtSQPUPTiB4FrhRy7eFKSoIzSJB0I yongzhi@yongzhi-HP-Compaq-8200-Elite-SFF-PC
The key's randomart image is:
+---[RSA 2048]----+
|+E .**@OB* |
|o.. * %=+*o+ |
|.+. . @ B o . |
|.... + O |
|. o . o S |
| . . . . |
| |
| |
| |
+----[SHA256]-----+
Open the ~/.ssh/id_rsa.pub file with your favorite text editor and copy its content to your clipboard.
Create a new Digital Ocean Droplet
The parameters don't really matter as far as droplet image, location or size goes. What's really important is the Add Your SSH Key section: you must click the "New SSH Key" button and paste your public key into the pop-up.
Click the Create button after you're done; your droplet should be ready in a minute. Now it's important to RESTART your terminal shell so the new SSH key setting takes effect. After you do that, type:
ssh-add
ssh-add adds RSA or DSA identities to the authentication agent, ssh-agent(1). When run without arguments, it adds the files ~/.ssh/id_rsa, ~/.ssh/id_dsa and ~/.ssh/identity.
Next, run the following:
cat ~/.ssh/id_rsa.pub | ssh root@YOUR_IP_GOES_HERE "cat >> ~/.ssh/authorized_keys"
This puts your key on the server's whitelist.
If you did everything correctly, you should now be able to SSH into the server without any password!
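The `cat >> ~/.ssh/authorized_keys` step above appends blindly: running it twice leaves duplicate entries, and it does not set the file modes sshd expects. The function below is an added example, not part of the original tutorial; the name `install_pubkey` and its return codes are assumptions made for illustration. It is meant to run on the server against ~/.ssh/authorized_keys.

```shell
#!/bin/sh
# install_pubkey PUBKEY_FILE AUTH_KEYS_FILE   (hypothetical helper)
# Return codes: 0 = key added, 1 = input rejected, 2 = key already present.
install_pubkey() {
    pub=$1
    auth=$2
    dir=$(dirname "$auth")

    # Accept only a single-line public key of a known type. This also
    # catches the mistake of pasting the private key (id_rsa) instead.
    [ -r "$pub" ] || { echo "cannot read $pub" >&2; return 1; }
    [ "$(grep -c '' "$pub")" -eq 1 ] || { echo "expected one line in $pub" >&2; return 1; }
    read -r ktype kdata _ < "$pub"
    case $ktype in
        ssh-rsa|ssh-ed25519|ecdsa-sha2-nistp*) ;;
        *) echo "not an OpenSSH public key: $pub" >&2; return 1 ;;
    esac
    [ -n "$kdata" ] || { echo "missing key data in $pub" >&2; return 1; }

    # sshd (StrictModes, on by default) refuses to use authorized_keys
    # when the directory or file is writable by other users.
    mkdir -p "$dir" && chmod 700 "$dir" || return 1
    touch "$auth" && chmod 600 "$auth" || return 1

    # Compare on "type base64" only, so a different comment or leading
    # options on an existing entry do not hide a duplicate.
    if awk -v t="$ktype" -v d="$kdata" \
        '{ for (i = 1; i < NF; i++) if ($i == t && $(i + 1) == d) f = 1 }
         END { exit !f }' "$auth"; then
        return 2
    fi

    # Make sure the previous entry ends with a newline before appending,
    # otherwise two keys end up fused on one line and neither works.
    if [ -s "$auth" ] && [ -n "$(tail -c 1 "$auth")" ]; then
        echo >> "$auth"
    fi
    cat "$pub" >> "$auth"
}
```

The stock `ssh-copy-id` tool that ships with OpenSSH does a similar job from the client side.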
That's it! I hope you find this useful and it's a small step towards securing your server.