SSH Key Setup

ssh.md

SSH Key Setup

🧠 What You're Doing:

You're telling your Nginx server:

“Hey, only let me in if I prove I have the private key that matches this public key.”

This is called SSH key-based authentication — it's more secure than using passwords.

---

🔑 The Key Pair:

When you generate an SSH key, you get two files:

• id_rsa → Private key (keep this secret, never share)
• id_rsa.pub → Public key (can be shared, it’s safe)

They work like a lock and key:

• The public key goes on the server (like locking the door)
• The private key stays with you (like the key that unlocks the door)

---

🚀 What Each Step Does:

🛠 1. Generate the Key

ssh-keygen -t rsa -b 4096 -C "your_email@example.com"

• Creates a strong RSA key pair (public + private)
• Saves them in ~/.ssh/ (unless you specify otherwise)

---

🔁 2. Send Public Key to Server

ssh-copy-id -i ~/.ssh/id_rsa.pub -p 2222 root@192.168.0.100

OR do it manually by copying the content of id_rsa.pub and pasting it in:

~/.ssh/authorized_keys

on the server.

This tells the server:

"Here’s my public key. If someone tries to SSH in, check if their private key matches this one."

---

🔐 3. Set File Permissions on the Server

chmod 700 ~/.ssh
chmod 600 ~/.ssh/authorized_keys

These commands make sure:

• Your .ssh folder is private
• The authorized_keys file is readable only by the owner

Linux is picky about SSH security — wrong permissions = login won’t work.

---

🚪 4. Log in Without a Password

ssh -p 2222 root@192.168.0.100

Now the server says:

"Okay, I’ve got your public key. Can you prove you own the private key?"

Your SSH client proves it silently using cryptography, and if it checks out — you're in ✅