- Check if the public key already exists on your local machine.
$ locate id_rsa
If it does, go to the step that copies the public key to your destination machine.
- If the public key doesn’t already exist, execute
$ ssh-keygen
For my purposes, I hit -enter- then -enter- again. It shows a pretty picture. Now we’ve got public and private keys.
- Now, it is time to deploy the public key to the destination servers of interest.
$ ssh-copy-id userX@server1_ip
$ ssh-copy-id userY@server2_ip
If your ssh-copy-id does not work (like my Mac), then you have to manually cut and paste the contents of the local ~/.ssh/id_rsa.pub to the destination’s ~/.ssh/authorized_keys.
- Then, restrict access for all the authorized_keys files on all your servers.
$ chmod 600 ~/.ssh/authorized_keys
Tip: On one of my machines the owner of the authorized_keys was root, and because of that the public key authentication didn’t work and I was entering passwords. Had to chown it to the desired user. This link pointed me in the right direction.
- Further lock things down by disabling password authentication on your destination ssh server.
$ sudo nano /etc/ssh/sshd_config
and then make sure this line exists
PasswordAuthentication no
To lock down at certain times of the day, check this out.
- If you are a home internet user, your IP address is likely to change. Luckily, there are services around that let you publish your IP address to a known server. These services are called dynamic DNS hosting. For my purposes I went with Duck DNS. It is simple to sign up with and they provide detailed instructions under their “install” tab.
Steps condensed from this reference.
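The authorized_keys ownership tip and the PasswordAuthentication step above can both be checked from a script. This is an added example, not part of the original steps; the function names and the sample files are constructed for illustration, and the config check reads only the global section of a single file (it does not follow Include files or Match blocks).

```shell
#!/bin/sh
# check_authkeys FILE: succeed only if FILE is owned by the current user
# with mode 600. Parses `ls -Ldn` because stat(1) flags differ on macOS.
check_authkeys() {
    [ -f "$1" ] || { echo "missing: $1"; return 1; }
    mode=$(ls -Ldn "$1" | awk '{ print substr($1, 1, 10) }')
    owner=$(ls -Ldn "$1" | awk '{ print $3 }')
    rc=0
    if [ "$owner" != "$(id -u)" ]; then
        echo "$1: owner uid $owner is not yours, chown needed"; rc=1
    fi
    if [ "$mode" != "-rw-------" ]; then
        echo "$1: mode $mode, expected -rw------- (chmod 600)"; rc=1
    fi
    return $rc
}

# password_auth_setting FILE: print the global PasswordAuthentication value
# found in FILE. sshd keeps the first value it reads for a keyword, keywords
# are case-insensitive, commented lines do not count, and the default when
# nothing is set is "yes".
password_auth_setting() {
    awk '
        /^[ \t]*#/ { next }                      # commented-out setting
        tolower($1) == "match" { exit }          # global section ends here
        tolower($1) == "passwordauthentication" {
            print tolower($2); found = 1; exit   # first value wins
        }
        END { if (!found) print "yes" }          # sshd default
    ' "$1"
}

# Constructed sample: the commented line is ignored, so the first real
# setting ("yes") wins over the "no" that follows it.
demo=$(mktemp -d)
printf '%s\n' '#PasswordAuthentication no' 'PasswordAuthentication yes' \
    'PasswordAuthentication no' > "$demo/sshd_config"
echo "password auth: $(password_auth_setting "$demo/sshd_config")"
: > "$demo/authorized_keys"; chmod 644 "$demo/authorized_keys"
check_authkeys "$demo/authorized_keys" || echo "fix before relying on key login"
rm -rf "$demo"
```

On a real server, `sudo sshd -T | grep -i passwordauthentication` prints the value sshd actually uses, including anything pulled in from Include files. An edit to sshd_config takes effect only after sshd is reloaded.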