Following up on Zhaoliang's #wfh tips, you can alternatively SSH into a remote server via a public/private key pair and completely disable password authentication. This provides two notable benefits:

  • Security: public/private key pair authentication is arguably more secure than password authentication, which sends your actual password to the remote server (inside the encrypted SSH session) on every login, whereas your private key never leaves your local machine
  • Convenience: you'll be able to SSH into a remote server instantly without needing to type a password (unless you protect your private SSH key with a passphrase, which has its own benefits)

After enabling SSH on your remote server, generate a key pair on your local machine via:

ssh-keygen -t rsa -b 4096

Note that here we are using RSA to generate our key pair for best compatibility, but keep in mind that RSA is quickly becoming outdated and may be broken in the future (hence the 4096-bit key size for maximum security). Alternatively, one could use newer algorithms (e.g., ed25519), but support for them is not yet universal. You can specify a different location and name for your keys, but by default they are stored in ~/.ssh as id_rsa.pub (your public key) and id_rsa (your private key).

Next, append the contents of your local machine's public key id_rsa.pub to your remote server's ~/.ssh/authorized_keys, either by copying the file to the remote server and appending its contents via:

cat LOCAL_MACHINE_PUBLIC_SSH_KEY >> ~/.ssh/authorized_keys

or by using the ssh-copy-id command.

This authorizes any private key that cryptographically matches this public key for secure remote connections. On your remote server, make sure ~/.ssh and authorized_keys have the right permissions:

chmod 700 ~/.ssh
chmod 600 ~/.ssh/authorized_keys

Next, enable public key authentication via:

sudo vim /etc/ssh/sshd_config

and uncomment the PubkeyAuthentication line so that it reads:

PubkeyAuthentication yes

Now test your new connection method via:

ssh USERNAME@REMOTE_HOST

If successful, you should be able to connect instantly! If you were able to get this far, I'd recommend disabling password authentication on your remote server so that only those who hold your private key can access the server. To do this, edit the SSH daemon's configuration file again on your remote server via:

sudo vim /etc/ssh/sshd_config

and uncomment the line with PasswordAuthentication and set it to no:

PasswordAuthentication no

Finally, restart the SSH service via sudo service ssh restart.
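
The end state of the steps above can be checked mechanically. The script below is an added example, not part of the original post: it reads one sshd_config file and a .ssh directory and reports whether key authentication is on, password authentication is off, and the permissions match the chmod values above. The function names and the sample files are constructed for illustration, and it does not follow Include files or evaluate Match blocks.

```shell
#!/bin/sh
# Added example (not from the original post). Function names are hypothetical.

# Print the value sshd would use for KEYWORD from one config file.
# sshd keeps the FIRST value it reads for a keyword, keywords are
# case-insensitive, and lines starting with '#' are comments.
effective_setting() {   # usage: effective_setting FILE KEYWORD DEFAULT
    awk -v key="$2" -v def="$3" '
        /^[ \t]*#/                  { next }   # commented-out line: ignored
        tolower($1) == "match"      { exit }   # global section ends at first Match block
        tolower($1) == tolower(key) { val = tolower($2); exit }
        END { print (val == "" ? def : val) }  # nothing set: fall back to the default
    ' "$1"
}

# True when PATH has exactly the given octal mode (portable: no stat flags).
perm_ok() {             # usage: perm_ok PATH MODE
    [ -n "$(find "$1" -prune -perm "$2" 2>/dev/null)" ]
}

# Check the end state described in the post; exit status = number of problems.
audit() {               # usage: audit SSHD_CONFIG SSH_DIR
    bad=0
    # "yes" is the OpenSSH default for both keywords when no line sets them.
    [ "$(effective_setting "$1" PubkeyAuthentication yes)" = yes ] ||
        { echo "PubkeyAuthentication is not yes"; bad=$((bad + 1)); }
    [ "$(effective_setting "$1" PasswordAuthentication yes)" = no ] ||
        { echo "PasswordAuthentication is not no"; bad=$((bad + 1)); }
    perm_ok "$2" 700 || { echo "$2 is not mode 700"; bad=$((bad + 1)); }
    perm_ok "$2/authorized_keys" 600 ||
        { echo "$2/authorized_keys is not mode 600"; bad=$((bad + 1)); }
    return "$bad"
}

# Constructed sample: an earlier "PasswordAuthentication yes" shadows the
# "no" appended later, and authorized_keys is left world-readable.
make_sample() {         # usage: make_sample EMPTY_DIR
    mkdir "$1/.ssh" && chmod 700 "$1/.ssh"
    : > "$1/.ssh/authorized_keys" && chmod 644 "$1/.ssh/authorized_keys"
    printf '%s\n' '#PubkeyAuthentication yes' 'PasswordAuthentication yes' \
        'PubkeyAuthentication yes' 'PasswordAuthentication no' > "$1/sshd_config"
}

sample="$(mktemp -d)"
make_sample "$sample"
audit "$sample/sshd_config" "$sample/.ssh" || echo "problems found: $?"
```

On the server itself, sudo sshd -t validates the edited file before you restart, and sudo sshd -T prints the effective values, including anything pulled in from Include files. Keep your current SSH session open until a second, key-only login succeeds.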
