virtualMachine

Configure key-based SSH authentication

IMPORTANT: Before following the steps below, ensure that you have enabled the SSH server (disabled by default) and that your application server is running.

To configure the SSH server to support key-based authentication, follow these steps:

  • Log in to the server console as the bitnami user.

  • Create a key pair, consisting of a public and private key, as shown below. Set a long passphrase when prompted.

      $ ssh-keygen
      Generating public/private rsa key pair.
      Enter file in which to save the key (/home/bitnami/.ssh/id_rsa):
      Enter passphrase (empty for no passphrase):
      Enter same passphrase again:
      Your identification has been saved in /home/bitnami/.ssh/id_rsa.
      Your public key has been saved in /home/bitnami/.ssh/id_rsa.pub.
      The key fingerprint is:
      XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX bitnami@linux
    

    This command should create two files named id_rsa and id_rsa.pub in the /home/bitnami/.ssh directory.

  • Copy the private key file named id_rsa to a secure location. Do not share this private key file.

  • Transfer the contents of the public key file to the /home/bitnami/.ssh/authorized_keys file:

      $ cd /home/bitnami/.ssh
      $ cat id_rsa.pub >> /home/bitnami/.ssh/authorized_keys
    
  • Edit the /etc/ssh/sshd_config and uncomment (or add if not already present) the following lines:

      RSAAuthentication yes
      PubkeyAuthentication yes
    
  • In the same file, disable basic password authentication (if not already disabled). Uncomment or add the following lines:

      ChallengeResponseAuthentication no
      PasswordAuthentication no
      UsePAM no
    
  • Restart the SSH server for the new configuration to take effect:

      $ sudo /etc/init.d/ssh force-reload
      $ sudo /etc/init.d/ssh restart
    

You can now use the private key file to connect to the virtual machine using SSH.

Last modification February 6, 2023