How to generate keys to use instead of passwords
Key-based SSH logins rely on the idea of public-key cryptography.
In the process, your client computer generates two keys: a public key and a private key. The idea is that you can encrypt data with the public key, but only decrypt it with the private key. We’ll put the public key on the server and ask it to encrypt all outgoing communication with it. This makes sure that only those clients with the private key can decrypt and read the data.
1. Install OpenSSH
First, set up an SSH server on the remote computer using OpenSSH. If you already have an SSH server running and just want to know how to set up key-based authentication, you can skip this step. Use your favorite package manager to install the OpenSSH server application. The simplest way might be to run the apt-get command from the Terminal.
sudo apt-get install openssh-server
Enter your password, confirm, and wait a minute for it to finish installing. Congratulations, you now have an SSH server.
You can either use the application as-is, or edit the ssh configuration file /etc/ssh/sshd_config. Run the man sshd_config command in Terminal to get more information. Another great resource to learn more about OpenSSH is the relevant Ubuntu (or other Linux distribution) help page.
Don't forget to open the proper port (default is 22) in the firewall to allow external connections.
2. Generate Keys
Next you need to generate a set of keys (public & private) for your local computer. Run the following commands (based on OpenSSH for Ubuntu).
mkdir ~/.ssh
chmod 700 ~/.ssh
ssh-keygen -t rsa
The first command creates a hidden .ssh directory in your home folder, the second changes the access permissions of the folder, while the third command generates a set of RSA keys.
You will be asked for a location to save the keys (leave blank and press enter to save in the default .ssh directory location) and then you'll be asked for a passphrase.
This passphrase further encrypts the private key that’s stored on your computer, giving you more time to secure the SSH server if your private key is ever stolen. Make sure you choose a passphrase you’re able to remember, as you’ll have to enter it when you use your key.
3. Transfer The Public Key
You will need to transfer the public key you generated in the previous step to the computer running the SSH server (step 1). If your client machine also runs Linux, this can be achieved very easily by running the following command:
ssh-copy-id <username>@<host>
Where <username> is your username on the SSH Server and <host> is the IP address or FQDN of the SSH server.
If your client doesn’t support the ssh-copy-id command, you can use the following command instead. It’s more convoluted, but achieves the same results.
cat ~/.ssh/id_rsa.pub | ssh <username>@<host> "mkdir -p ~/.ssh && chmod 700 ~/.ssh && cat >> ~/.ssh/authorized_keys"
You will be asked to enter your user password for the SSH server. If the command finishes without errors, your public key will have been copied to the SSH server.
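The server-side half of step 3, written out as an added example (it is not part of the original page or of OpenSSH). It goes beyond the one-line command above: it refuses anything that is not a one-line public key, keeps the directory and file private, and does not append the same key twice. The function name install_pubkey and its arguments are hypothetical.

```shell
# install_pubkey PUBKEY_FILE [SSH_DIR]
# Hypothetical helper: appends one public key to SSH_DIR/authorized_keys
# (default ~/.ssh), creating the directory and file with tight permissions.
# The body runs in a subshell so the umask change does not leak to the caller.
install_pubkey() (
    pubkey_file=$1
    ssh_dir=${2:-$HOME/.ssh}
    auth_file=$ssh_dir/authorized_keys

    [ -r "$pubkey_file" ] || { echo "cannot read $pubkey_file" >&2; exit 1; }

    # A .pub file is a single line: "<type> <base64 blob> [comment]".
    # Anything multi-line (for example a private key file) is refused.
    [ "$(grep -c . "$pubkey_file")" -eq 1 ] ||
        { echo "$pubkey_file is not a one-line public key" >&2; exit 2; }
    key_line=$(grep . "$pubkey_file")

    # Accept the common OpenSSH public key types only.
    case $key_line in
        ssh-rsa\ *|ssh-ed25519\ *|ecdsa-sha2-*\ *) ;;
        *) echo "unrecognised key type in $pubkey_file" >&2; exit 2 ;;
    esac

    # Identify the key by type and blob only; the trailing comment may differ.
    key_type=${key_line%% *}
    rest=${key_line#* }
    key_id="$key_type ${rest%% *}"

    umask 077
    mkdir -p "$ssh_dir" && chmod 700 "$ssh_dir" || exit 1
    touch "$auth_file" && chmod 600 "$auth_file" || exit 1

    # Skip the append if the key is already authorized (idempotent re-runs).
    if grep -qF -- "$key_id" "$auth_file"; then
        echo "key already present in $auth_file"
    else
        printf '%s\n' "$key_line" >> "$auth_file"
        echo "key added to $auth_file"
    fi
)
```

Run it on the SSH server after copying the .pub file there, for example install_pubkey /tmp/id_rsa.pub, where the path is a placeholder.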