SSH is an open-source and Secure Shell protocol used to connect to a remote Linux server and manage it via the command line. It helps a system and network administrator to manage Linux servers from a remote location. You can also use it to transfer files between multiple Linux servers. You can connect to the removed SSH server using two methods, using password authentication and key-based authentication. Key-based authentication is more secure than a password because only a user with a valid key can log in to Linux.
In this post, we will show you how to install SSH and set up SSH key-based authentication on Arch Linux.
Prerequisites
- A fresh Arch Linux server on the Atlantic.Net Cloud Platform
- A root password configured on your server
Step 1 – Create Atlantic.Net Cloud Server
First, log in to your Atlantic.Net Cloud Server. Create a new server, choosing Arch Linux as the operating system with at least 2GB RAM. Connect to your Cloud Server via SSH and log in using the credentials highlighted at the top of the page.
Step 2 – Configure Repository
By default, the default repository is outdated in Arch Linux, so you will need to modify the default mirror list. You can do it by editing the mirrorlist configuration file:
nano /etc/pacman.d/mirrorlist
Remove all lines and add the following lines:
## Score: 0.7, United States Server = http://mirror.us.leaseweb.net/archlinux/$repo/os/$arch ## Score: 0.8, United States Server = http://lug.mtu.edu/archlinux/$repo/os/$arch Server = http://mirror.nl.leaseweb.net/archlinux/$repo/os/$arch ## Score: 0.9, United Kingdom Server = http://mirror.bytemark.co.uk/archlinux/$repo/os/$arch ## Score: 1.5, United Kingdom Server = http://mirrors.manchester.m247.com/arch-linux/$repo/os/$arch Server = http://archlinux.dcc.fc.up.pt/$repo/os/$arch ## Score: 6.6, United States Server = http://mirror.cs.pitt.edu/archlinux/$repo/os/$arch ## Score: 6.7, United States Server = http://mirrors.acm.wpi.edu/archlinux/$repo/os/$arch ## Score: 6.8, United States Server = http://ftp.osuosl.org/pub/archlinux/$repo/os/$arch ## Score: 7.1, India Server = http://mirror.cse.iitk.ac.in/archlinux/$repo/os/$arch ## Score: 10.1, United States Server = http://mirrors.xmission.com/archlinux/$repo/os/$arch
Save and close the file, then update all the package indexes with the following command:
pacman -Syu
Step 2 – Generate an SSH Key
First, you will need to generate an SSH key pair on the Linux system where you are working.
You can generate it using the following command:
ssh-keygen -t rsa
You will be asked to specify the location to store the key as shown below:
Enter file in which to save the key (/home/user/.ssh/id_rsa):
Just press Enter and accept the default path. You will be asked to set a passphrase as shown below:
Enter passphrase (empty for no passphrase): Enter same passphrase again:
Just press Enter without providing any passphrase. You should see the following output:
Your identification has been saved in /home/user/.ssh/id_rsa. Your public key has been saved in /home/user/.ssh/id_rsa.pub. The key fingerprint is: ec:50:43:d9:39:64:f8:19:63:18:ab:1c:e4:ea:f5:e7 [email protected] The key's randomart image is: +--[ RSA 2048]----+ | . oBo. | | o .+oB | | o +o = | | o = .o | | . = S | | . . + | | . o . | | o | | E | +-----------------+
Now, verify your SSH key using the following command:
ls -la ~/.ssh/id_*.pub
You should see the following output:
-rw-r--r-- 1 user user 392 Sep 8 14:34 /home/user/.ssh/id_rsa.pub
Step 3 – Copy SSH Public Key to Remote Server
Now, you will need to copy your public key to the remote Linux server. You can do it using the ssh-copy-id command:
ssh-copy-id [email protected]
You will be asked to provide a root password of a remote server to copy a public key:
[email protected]'s password: Number of key(s) added: 1 Now try logging into the machine, with: "ssh '[email protected]'" and check to make sure that only the key(s) you wanted were added.
Step 4 – Connect Remote Server without Password
At this point, the SSH key is generated and copied to the remote server. You can now connect to the remote server without providing a password:
ssh [email protected]
Once you are connected, you should see the following output:
Welcome to archlinux (GNU/Linux 5.4.0-29-generic x86_64) * Documentation: https://help.archlinux.com * Management: https://landscape.canonical.com * Support: https://archlinux.com/advantage Last login: Wed Sep 8 07:50:27 2022 from 10.10.20.203 [email protected]:~#
Step 5 – Remove Password-based Authentication
At this, SSH key-based authentication is configured successfully. Now, it is recommended to disable the use of password authentication so that everyone uses only keys to access the server.
On the remote Linux server, edit the SSH main configuration file:
nano /etc/ssh/sshd_config
Uncomment and change the following line:
PasswordAuthentication no
Save and close the file, then restart the SSH service to apply the changes:
systemctl restart ssh
Conclusion
In the above post, we explained how to set up SSH key-based authentication on Arch Linux. You can now implement SSH key-based authentication for each server that you want to manage remotely. You can choose one of our dedicated server hosting from Atlantic.Net! to test the SSH.
