1st. Generate RSA Certificates as below
ssh-keygen -b 4096 -t rsa
notes: the default length of the RSA is 2048, 4096 will be more safe.
2nd. Press Enter key to confirm the path where the Certificates be stored when you see the information as below:
Enter file in which to save the key (/root/.ssh/id_rsa):
3rd. Input password of the certificates.
4th. set the pubkey as below:
cat /root/.ssh/id_rsa.pub >> /root/.ssh/authorized_keys
Notes:”>>” means add new key information to the file “authorized_keys” but not “overwrite”, if you want to “overwrite” the old information in the “authorized_keys”, you should use “>” instead of the “>>”.
5th. Change the permissions of the file and directory as below:
chown -R 0700 ~/.ssh chown -R 0640 ~/.ssh/authorized_keys
6th. Modify the sshd_config file to forbiden the password login and allow the Pubkey & RSA way login, you can do it by FTP way or SSH way.(the path of the sshd_config is /etc/ssh/sshd_config)
RSAAuthentication yes PubkeyAuthentication yes AuthorizedKeysFile .ssh/authorized_keys PasswordAuthentication no
7th. Reload the sshd service in order to run the changes right away.
service sshd restart
a. after you generate the RSA files you should download the id_rsa to your local pc and delete it from the server.
b. you’d better do not set the “PasswordAuthentication yes” to “PawwsordAuthentication no” before you make sure the “PubkeyAuthentication yes” works well or you may be in trouble for you may have no way to access to the server unless you have further more methods to manage it.