Configure key-based SSH authentication

IMPORTANT: Before following the steps below, ensure that your application server is running.

To configure the SSH server to support key-based authentication, follow these steps:

  • Log in to the server console as the bitnami user.

  • Create a key pair, consisting of a public and private key, as shown below. Set a long passphrase when prompted.

      $ ssh-keygen
  Generating public/private rsa key pair.
  Enter file in which to save the key (/home/bitnami/.ssh/id_rsa):
  Enter passphrase (empty for no passphrase):
  Enter same passphrase again:
  Your identification has been saved in /home/bitnami/.ssh/id_rsa.
  Your public key has been saved in /home/bitnami/.ssh/id_rsa.pub.
  The key fingerprint is:
  XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX bitnami@linux

    This command should create two files named id_rsa and id_rsa.pub in the /home/bitnami/.ssh directory.

  • Copy the private key file named id_rsa to a secure location. Do not share this private key file.

  • Transfer the contents of the public key file to the /home/bitnami/.ssh/authorized_keys file:

      $ cd /home/bitnami/.ssh
  $ cat id_rsa.pub >> /home/bitnami/.ssh/authorized_keys

  • Edit the /etc/ssh/sshd_config and uncomment (or add if not already present) the following lines:

      RSAAuthentication yes
  PubkeyAuthentication yes

  • In the same file, disable basic password authentication (if not already disabled). Uncomment or add the following lines:

      ChallengeResponseAuthentication no
  PasswordAuthentication no
  UsePAM no

  • Restart the SSH server for the new configuration to take effect:

      $ sudo /etc/init.d/ssh force-reload
  $ sudo /etc/init.d/ssh restart

You can now use the private key file to connect to the virtual machine using SSH.

Last modification September 2, 2025