This article assumes that SSH is installed and listening on port 22 of the server. In this example, the SSH Server is Ubuntu 14.04 running OpenSSH.
Also in this example, 192.168.1.50 is the IP address of the SSH server, jdoe is the user account on the server, and email@example.com is your email address. Remember to change these to the actual values in your environment.
Generate an RSA Key Pair
In Windows, generating RSA keys can be done using PuTTYgen. You can download this utility here. Follow the directions found here to generate a key pair. You would also use PuTTY to remotely access the SSH server. This example uses a Mac OS X client, although the procedure is very similar for Linux clients.
In the OS X client, open Terminal and enter the following command:
ssh-keygen -t rsa -b 4096 -C "email@example.com"
You will be prompted for a location. Press Enter to accept the default. The next prompts will be for a passphrase and confirmation. Use a strong passphrase. Once the key pair has been generated, run the following commands:
eval "$(ssh-agent -s)"
You will be prompted for the passphrase you set up earlier. (After this, you will no longer need to remember it as Keychain will remember it for you.)
Add the Public Key to the Server
From Terminal, enter the following command:
scp ~/.ssh/id_rsa.pub jdoe@192.168.1.50:~/.
Log in to the SSH server as jdoe. Enter the following commands:
mkdir -p ~/.ssh
chmod 700 ~/.ssh
mv ~/id_rsa.pub ~/.ssh/authorized_keys
chmod 600 ~/.ssh/authorized_keys
Log out of the SSH server. From Terminal in OS X, test your connection:
If you receive a login prompt, something is wrong. Review the procedure above and try again. If you are sure you can access without providing a username and password, then proceed with the following steps.
Lock Down SSH Server
Log in to the server as jdoe if you are not already logged in. Enter the following command:
sudo nano /etc/ssh/sshd_config
While the editor is open, look for the following line:
Ensure that this line is commented out (starts with a hash) and add the following line immediately below it:
Next, look for the following lines:
# What ports, IPs and protocols we listen for
Change 22 to another number, for example 25022. Finally, add the following line to the bottom of the file:
Press Ctrl+X, enter "y" and press Enter to save and close the editor. Enter the following command to restart SSH:
sudo service ssh restart
You are now ready to securely access SSH. Remember to include the port number in your ssh command from the client. Using the above example, that would look like this:
ssh -p 25022 jdoe@192.168.1.50
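The end state of this procedure can be checked with a short script. The following is an added example, not part of the original article; it assumes GNU stat (as on Ubuntu) and that the sshd_config edits use the standard Port and PasswordAuthentication directives, and the files in its demo are constructed.

```shell
#!/bin/sh
# Added example (not from the original article). Audits what the procedure should
# leave behind. Assumes GNU stat (Ubuntu) and that the edited sshd_config lines are
# the standard Port and PasswordAuthentication directives; Match blocks are ignored.

# Print every uncommented value of directive $2 in config file $1 (case-insensitive).
sshd_values() {
    awk -v k="$2" 'tolower($1) == tolower(k) { print tolower($2) }' "$1"
}

# $1 = user's home directory, $2 = sshd_config path. Returns the number of findings.
audit_ssh() {
    findings=0
    fail() { echo "FAIL: $*"; findings=$((findings + 1)); }

    # With StrictModes (the default) sshd ignores keys kept in loosely protected paths.
    [ "$(stat -c %a "$1/.ssh" 2>/dev/null)" = 700 ] || fail "$1/.ssh is not mode 700"
    [ "$(stat -c %a "$1/.ssh/authorized_keys" 2>/dev/null)" = 600 ] ||
        fail "$1/.ssh/authorized_keys is not mode 600"

    # No Port line means the default, 22; Port may also appear more than once.
    ports=$(sshd_values "$2" Port)
    case " $(echo ${ports:-22}) " in
        *" 22 "*) fail "sshd still listens on port 22" ;;
    esac

    # sshd uses the first value it reads; an absent directive defaults to yes.
    pw=$(sshd_values "$2" PasswordAuthentication | head -n 1)
    [ "$pw" = no ] || fail "PasswordAuthentication is '${pw:-yes (default)}'"

    return "$findings"
}

# Constructed demo: a temporary "home" and config in the state the article ends with.
demo=$(mktemp -d)
mkdir -m 700 "$demo/.ssh"
: > "$demo/.ssh/authorized_keys"
chmod 600 "$demo/.ssh/authorized_keys"
printf '%s\n' '#PasswordAuthentication yes' 'PasswordAuthentication no' \
    'Port 25022' > "$demo/sshd_config"
audit_ssh "$demo" "$demo/sshd_config" && echo "OK: no findings"
rm -rf "$demo"
```

On the server itself the call would be audit_ssh /home/jdoe /etc/ssh/sshd_config. Running sudo sshd -t before the restart checks the edited file for syntax errors, and keeping the current session open until a new login on the new port succeeds avoids locking yourself out.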