Thu 5 Jul 2007
So you have your Linux box all set up and configured and ready to rock and roll. That’s great, but if you are like most Linux users, you will likely want to use SSH for remote administration of your machine when you are not at home or if that machine is one that runs “headless” (without a monitor or keyboard). SSH is a very good and secure way to remotely access a machine. One mistake that many people (especially newbies) make is that they set up SSH (or this is done by default) to be able to log in with only a password.
No matter how good your password is, there is no such thing as an uncrackable password. A better approach is to use public-key cryptography, which is built into SSH. While implementing public-key cryptography may seem a bit daunting, it is actually a fairly simple process and I’ll walk you through it here.
The first thing you will want to do is locate your sshd_config file; on Debian Etch it is in /etc/sshd. The two options in this file that we will need to change are RSAAuthentication (change it to yes) and PasswordAuthentication (change it to no). We will also look at AuthorizedKeysFile and make note of this location. This config file uses %h to point to a user’s home directory and %u to reference a user name.
You can put the AuthorizedKeysFile anywhere. Personally, I place it in /etc/sshd/authorized_keys/ and then have a separate file for each user that I want to have ssh access, where the file name is the same as the username. For this setup, AuthorizedKeysFile is set to /etc/sshd/authorized_keys/%u and the key for each user would be in that user’s file in this directory.
The next thing that will need to be done is to generate a key pair for each user. My preference is to generate the keys on the Linux box itself using the command ssh-keygen. You can put the keys in any location that you would like (just make sure you make note of the location) and make sure to set a password (you may want to use a different password than the one you normally log in with, but that is up to you).
After this key pair has been generated, open the one with the .pub extension and copy the contents of that file (should be all on one line) to the authorized_keys file for the user that this key is for. Then it is time to restart ssh (by using /etc/init.d/sshd restart). Copy the version of the key without the .pub extension to the machine that you want to log in from (making note of its location) and you should be able to log in using the key with the command: ssh -i
There is one more step that needs to be done if you want to ssh in from a Windows computer using PuTTY. You will need to copy the key (without the .pub extension) to the Windows computer and then run the puttygen program. Choose the option to Load a Key, select the key, and click “generate key” to complete this process.
Now when you want to log in using PuTTY, go to the authentication options and select the key that was just generated using puttygen.
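As an added example (not part of the original post), this shell script checks a config file for the key-only setup described above: it reads the effective PasswordAuthentication and AuthorizedKeysFile values, expands %u and %h for a user, and confirms that the user's key file exists and is not group- or world-writable. The function names, the user alice and the sample files are constructed for illustration, and the fallback to .ssh/authorized_keys when AuthorizedKeysFile is unset assumes the OpenSSH default.

```shell
# Added example, not from the original post. All sample data is constructed.
# Print the effective global value of KEYWORD: sshd uses the first value it
# reads, keywords are case-insensitive, and Match blocks are not global.
sshd_opt() {  # usage: sshd_opt CONFIG KEYWORD
    awk -v want="$2" '
        /^[ \t]*#/ || /^[ \t]*$/ { next }
        tolower($1) == "match" { exit }
        tolower($1) == tolower(want) { print $2; exit }' "$1"
}

# Expand the %u, %h and %% tokens of an AuthorizedKeysFile pattern.
expand_keys_path() {  # usage: expand_keys_path PATTERN USER HOME
    printf '%s\n' "$1" | awk -v u="$2" -v h="$3" '{
        out = ""
        while ((i = index($0, "%")) > 0) {
            c = substr($0, i + 1, 1)
            rep = (c == "u") ? u : (c == "h") ? h : (c == "%") ? "%" : "%" c
            out = out substr($0, 1, i - 1) rep
            $0 = substr($0, i + 2)
        }
        print out $0 }'
}

# Return 0 only if password logins are off and USER's key file is usable.
audit_key_only() {  # usage: audit_key_only CONFIG USER HOME
    rc=0; pw=$(sshd_opt "$1" PasswordAuthentication)
    # Unset or commented out means the default applies, which is "yes".
    [ "$pw" = no ] || { echo "FAIL: PasswordAuthentication is '${pw:-unset}'"; rc=1; }
    pat=$(sshd_opt "$1" AuthorizedKeysFile)
    keys=$(expand_keys_path "${pat:-.ssh/authorized_keys}" "$2" "$3")
    case $keys in /*) ;; *) keys="$3/$keys" ;; esac  # relative: under HOME
    if [ ! -s "$keys" ]; then echo "FAIL: no keys in $keys"; rc=1
    elif [ -n "$(find "$keys" \( -perm -020 -o -perm -002 \))" ]; then
        echo "FAIL: $keys is group- or world-writable"; rc=1
    fi
    return $rc
}
make_samples() {  # constructed configs and placeholder key under DIR
    mkdir -p "$1/authorized_keys"
    printf '%s\n' '#PasswordAuthentication no' > "$1/weak"
    printf '%s\n' 'RSAAuthentication yes' 'PasswordAuthentication no' \
        "AuthorizedKeysFile $1/authorized_keys/%u" > "$1/fixed"
    echo 'ssh-rsa CONSTRUCTED-PLACEHOLDER alice@example' > "$1/authorized_keys/alice"
    chmod 644 "$1/authorized_keys/alice"
}
d=$(mktemp -d) && make_samples "$d"
audit_key_only "$d/weak" alice "$d/home/alice" || echo "weak config rejected"
audit_key_only "$d/fixed" alice "$d/home/alice" && echo "fixed config passes"
rm -rf "$d"
```

The weak sample fails because a commented-out PasswordAuthentication line leaves the default in force, which is the case this check exists to catch.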
That’s all there is to it. Hope this was helpful.