Type a pass phrase: You may use a online generator if you wish such as this one: https://www.useapassphrase.com/
ssh-keygen -b 4096 Generating public/private rsa key pair. Enter file in which to save the key (/Users/YOU/.ssh/id_rsa): <YOU_MAY_RENAME_THE_FILE> <IN_MY_CASE_I_CHANGED_IT_TO /Users/YOU/.ssh/id_rsa_srv001.pub> <USEFUL_IF_YOU_HAVE_MORE_THAN_1_KEY>
Now, let’s see if SSH Key is working fine.
ssh-copy-id [-i identity_file]] [-p port] [-o ssh_option] [user@]hostname Example: Mac-Pro:.ssh YOU$ ssh-copy-id -i ~/.ssh/id_rsa_srv001 root@YOUR_SERVER /usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed: "/Users/YOU/.ssh/id_rsa_srv001.pub" /usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed /usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys root@YOUR_SERVER's password: <TYPE_YOUR_PASSWORD_WHEN_REQUESTED> Number of key(s) added: 1 Now try logging into the machine, with: "ssh 'root@YOUR_SERVER'" and check to make sure that only the key(s) you wanted were added.
By default, authorized keys are placed in your users ~/.ssh/authorized_keys This file content looks like this:
ssh -i ~/.ssh/id_rsa_srv001 root@YOUR_SERVER <TYPE_YOUR_PASSPHRASE_WHEN_REQUESTED> You should get access to your server
IMPORTANT: Once you have verified that your SSH Key is allowing you to connected Disable Password Login
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDRCrbVqqPtxLFt11Xu0G9yIdg80k9....FbYaPpHG4w== YOU@Mac-Pro.local
Save the file (: + wq + enter) and restart the ssh agent
$ sudo vim /etc/ssh/sshd_config ------------------------------------------------- # Look for a line with: PasswordAuthentication # Then make sure this line is set to: PasswordAuthentication no
And now if you try to connect, you must do it with SSH key. Otherwise your connection will be immediately refused. That’s all
sudo systemctl restart ssh