Loading...

VONDS ©

Lab 64: SSH Keys - Access Remote Server without Password

Lab Index

Set up SSH key-based authentication to enable passwordless logins to a remote host. Generate a key pair, install the public key on the server, then validate that the connection succeeds without a password prompt.

ssh authentication core

Scenario

You connect to the same remote server frequently and want to remove repeated password entry from your workflow. Your task is to generate an SSH key pair locally, copy the public key to the remote account, and confirm that you can log in using the key. This is a standard operational setup that improves both efficiency and security when combined with strong key protection and server-side policy.

Operator context

In production environments, key-based access is often paired with disabling password authentication, enforcing modern key types, and constraining access through least-privilege accounts. This lab focuses on the core setup and validation workflow.

Objective

  • Generate a new SSH key pair for the local user.
  • Install the public key on a remote account using ssh-copy-id.
  • Validate that SSH login completes without a password prompt.
  • Exit the remote session cleanly.

What You’ll Practice

  • Creating SSH key pairs with ssh-keygen.
  • Deploying public keys to a remote host using ssh-copy-id.
  • Verifying key-based authentication with a standard ssh user@host login.
  • Understanding the relationship between public keys (~/.ssh/*.pub) and private keys (~/.ssh/id_*).

Walkthrough

Step 1 : Generate an SSH key pair.
Command 
ssh-keygen -t rsa

This generates a new private/public key pair in ~/.ssh/. The private key stays local and must be protected. The public key is what you install on the remote server. 

Generating public/private rsa key pair.
Enter file in which to save the key (/home/lab/.ssh/id_rsa):
Created key at /home/lab/.ssh/id_rsa.pub
Step 2 : Copy the public key to the remote server.
Command 
ssh-copy-id labuser@192.168.1.50

This appends your public key to the remote user's ~/.ssh/authorized_keys file. You typically enter the remote password once during this step. 

/usr/bin/ssh-copy-id: INFO: Source of key: /home/lab/.ssh/id_rsa.pub
Number of key(s) added: 1
Now try logging into the machine, with:
  ssh labuser@192.168.1.50
Step 3 : Log in using key-based authentication.
Command 
ssh labuser@192.168.1.50

If the key is accepted and permissions are correct, the session should start without prompting for a password. 

Welcome to 192.168.1.50. No password required.
Step 4 : Exit the SSH session.
Command 
exit

This cleanly closes the remote shell and returns you to the local session. 

Connection to 192.168.1.50 closed.

Reference

  • ssh-keygen -t rsa : Generates a new RSA key pair in ~/.ssh/ (private key + public key).
  • ~/.ssh/id_rsa : Default private key file. Keep this file protected and never copy it to remote systems.
  • ~/.ssh/id_rsa.pub : Default public key file. This is the key that gets installed on the remote server.
  • ssh-copy-id user@host : Installs a public key into the remote user's ~/.ssh/authorized_keys.
  • ~/.ssh/authorized_keys : Remote file containing public keys allowed to authenticate for the account.
  • ssh user@host : Initiates an SSH session. If key-based authentication is configured correctly, it can succeed without a password prompt.
  • exit : Closes the remote shell session and terminates the SSH connection.