Security

ssh-keygen -b 4096 -t rsa

username@client:~ $ ssh-keygen -b 4096 -t rsa
Generating public/private rsa key pair.
Enter file in which to save the key (/home/username/.ssh/id_rsa):
Created directory '/home/username/.ssh'.
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /home/username/.ssh/id_rsa
Your public key has been saved in /home/username/.ssh/id_rsa.pub
The key fingerprint is:
SHA256:Jdf1vcisLk7l3FKMqAFT+4I3A9vBITCMfRSNBqIMTjM username@client
The key's randomart image is:
+---[RSA 4096]----+
|XE.oo+ .      .  |
|X+= + o .  . . ..|
|o= o o .. o .   o|
|..o . + .+. = . .|
|.. + . oSo o * . |
|    o   + + +    |
|       . . = .   |
|        ... .    |
|        ....     |
+----[SHA256]-----+
username@client:~ $

ssh-copy-id username@remote_host

username@client:~ $ ssh-copy-id username@remote_host
/usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed: "/home/username/.ssh/id_rsa.pub"
The authenticity of host 'remote_host (remote_host)' can't be established.
ECDSA key fingerprint is SHA256:bIeIlzk+BiG8ou+XOtlir5O2PoKQJqq5UFkWzOAtid4.
Are you sure you want to continue connecting (yes/no/[fingerprint])? yes
/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
username@remote_host's password:

Number of key(s) added: 1

Now try logging into the machine, with:   "ssh 'username@remote_host'"
and check to make sure that only the key(s) you wanted were added.

username@client:~ $ ssh username@remote_host
Linux remote_host 5.15.74-v7l+ #1595 SMP Wed Oct 26 11:05:08 BST 2022 armv7l

The programs included with the Debian GNU/Linux system are free software;
the exact distribution terms for each program are described in the
individual files in /usr/share/doc/*/copyright.

Debian GNU/Linux comes with ABSOLUTELY NO WARRANTY, to the extent
permitted by applicable law.
Last login: Wed Jul  6 08:14:38 2022 from 172.16.1.36
username@remote_host:~ $

If ssh-copy-id isn't available, copy the public key with ssh or print the public key and add it manually the the ~/.ssh/authorized_keys“ file on the remote_host. cat ~/.ssh/id_rsa.pub | ssh username@remote_host “mkdir -p ~/.ssh && cat » ~/.ssh/authorized_keys”

If you want the SSH Server to only allow key-based authentication, edit the /etc/ssh/sshd_config file on the remote_host.

vi /etc/ssh/sshd_config

...
PasswordAuthentication no
...

Only required if the /etc/ssh/sshd_config has been modified systemctl restart ssh

vi /etc/ssh/sshd_config

...
PermitRootLogin yes
...

systemctl restart ssh