Now that we have our new user created, we can create an additional layer of security for our server, by creating a Cryptographic Key Pair. The key pair replaces the role of our login password.
It reduces the likelihood of success of "brute-force" attacks on the server. A brute-force attack is when someone trying to gain unauthorized access to your system, sets up a script to try different combinations of characters to guess your password.
If you are on a MAC machine you can follow the steps in this lesson.
If you are using a Windows machine, please view the previous lesson intended for Windows users.
First launch Terminal.
Type in the following command to create a SSH Key on your local machine ssh-keygen
Now follow the prompts to configure your key.You can leave all the settings as default, except for your password.
Once complete the newly-generated SSH keys are located in the ~/.ssh/ directory.
Next, we need to login to our Linode server as user bob to check if we a .ssh directory already created. ssh bob@your_server_ip
Remember to replace the IP address with your Linode server IP. If you used a different username you will need to change the bob value as well.
Next type in ls ľal to get a listing of all the folders under user bob.
I don't currently have an .ssh directory so I willá need to make one using the following command: mkdir .ssh
Please carefully check to make sure this directory doesn't already exist before running this command.
Now type exit, to terminate the connection to your Linode server.
Next, we need to copy the public key into the .ssh folder on our Linode server. To do so use the following command, but make sure to change the host name to your Linode IP, and the user if you did not use bob. scp ~/.ssh/id_rsa.pub bob@your_server_ip:/home/your_username/.ssh/uploaded_key.pub
Now connect to your linode server: ssh bob@your_server_ip
Type cd .ssh
Inside the .ssh directory you should see a file called uploaded_key.pub
Now type: echo `cat ~/.ssh/uploaded_key.pub` >> ~/.ssh/authorized_keys
This command will copy the public key we uploaded into the authorized_keys file.
Now type exit to terminate the connection.
The last step is to log back in, to make sure we are prompted for our passphrase.
Since we are prompted for the passphrase the setup has been completed successfully. You can now login using an SSH key pair, rather than a plain text password.