SSH Key Pair Authentication

January 24th 2021

Even though most people are familiar with passwords, their many shortcomings mean their use is slowly changing. The problem with passwords is that they need to be strong yet memorable, which can be a difficult proposition. Password managers can help, but those aren’t without issues either and might not work in all scenarios.

In most cases the SSH server on Linux will authorize users to log in with the password set for them. There are other methods to log in to a Linux machine, but this guide will focus on remotely logging into a Linux machine using a key pair for authentication.

  1. Create a key pair using Bitvise SSH Client. In the main Bitvise window, open the Client key manager.

  2. The Client Key Manager is a handy GUI to manage key pairs to authenticate to a host. The example below has a key pair generated as Profile 1. Confidential information has been pixelated out; make sure not to lose track of this information.

  3. Click the Generate New button to open the Generate New Keypair dialog.

    Profile makes the key pair only available to the currently open Bitvise profile. Global makes the key pair available to all profiles. A unique number is required for the key pair.
    Various algorithms can be selected. RSA is fine for general use with a size of at least 2048, though it’s recommended to go higher if security is paramount. Ed25519 is one of the most widely used signature schemes proven to be highly secure.
    An optional passphrase can be used to further secure the private key. Even though it is optional, it is highly recommended to use a passphrase.
    An optional comment to provide further details about the key. This is useful if you manage many keys.
    Once all required fields are filled, click the generate button to create the key pair.
  4. To export the key to a compatible format use the Export Key dialog.

    Export public key
    Export the public key in the OpenSSH format.
    Export private key
    The private key can be backed up in Bitvise format or OpenSSH format.
    Click this button to bring up the save dialog.
  5. Connect to the server using FTP, SFTP, or FTPS. SFTP is recommended.

  6. Change to the user’s home directory. On Debian this is usually /home followed by the user’s directory. In the example below, replace $USER with the appropriate username.

     cd /home/$USER

    The ~/ path is a shortcut to the currently logged-in user’s home directory.

     cd ~/
  7. Create a directory called .ssh

    mkdir ~/.ssh/
  8. Copy the exported public key from before into the .ssh directory.

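  9. Rename the file to authorized_keys. Replace EXPORTED_PUBLIC_KEY_FILE with the name of the file copied in the previous step.

     mv ~/.ssh/EXPORTED_PUBLIC_KEY_FILE ~/.ssh/authorized_keys
  10. Adjust the permissions of the .ssh directory and the authorized_keys file so that only the owner can access them.

    chmod 700 ~/.ssh/
    chmod 600 ~/.ssh/authorized_keys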
  11. Log out of any current ssh sessions.

  12. Select publickey as the initial method for authentication. Select the correct key profile: 2, since that’s the new profile we made earlier. If the key has a passphrase, enter it in the Passphrase section.

  13. Log back in using the generated key pair.
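
Steps 7 to 10 combined into one script, as an added example that is not part of the original post. It appends the key rather than overwriting authorized_keys, so keys that are already authorized survive, and it rejects a file that was not exported in the OpenSSH format. The function names `install_pubkey` and `mode_of` and the script file name are this example's own.

```shell
#!/bin/sh
# Added example (not from the original post): install an exported OpenSSH
# public key. Function names and the sample call are this example's own.
# Usage: install_pubkey PUBKEY_FILE [HOME_DIR]   (HOME_DIR defaults to $HOME)
install_pubkey() {
    pub=$1
    home=${2:-$HOME}
    [ -r "$pub" ] || { echo "cannot read $pub" >&2; return 1; }

    # First non-blank line, with any CR from CRLF line endings stripped.
    key=$(tr -d '\r' < "$pub" | grep -v '^[[:space:]]*$' | head -n 1)

    # Accept only the one-line OpenSSH form: "<type> <base64> [comment]".
    # A multi-line "---- BEGIN SSH2 PUBLIC KEY ----" export is rejected.
    case $key in
        ssh-ed25519\ *|ssh-rsa\ *|ecdsa-sha2-nistp*\ *) ;;
        *) echo "not an OpenSSH-format public key: $pub" >&2; return 2 ;;
    esac

    # Create the directory and file with a restrictive umask so they are
    # never group- or world-accessible, even briefly.
    (
        umask 077
        mkdir -p "$home/.ssh" && touch "$home/.ssh/authorized_keys"
    ) || return 1

    # Append only if this exact line is absent: re-running adds no
    # duplicate, and keys already authorized are kept.
    grep -qxF -- "$key" "$home/.ssh/authorized_keys" ||
        printf '%s\n' "$key" >> "$home/.ssh/authorized_keys"

    # Owner-only directory and file.
    chmod 700 "$home/.ssh" && chmod 600 "$home/.ssh/authorized_keys"
}

# Print the 10-character mode string of a path, e.g. drwx------
mode_of() { ls -ld "$1" | cut -c1-10; }

# Run as a script: sh install_pubkey.sh exported_key.pub
if [ "$#" -gt 0 ]; then install_pubkey "$@"; fi
```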

This post is written by Gouthaman Raveendran, licensed under CC BY-NC 4.0.