These are instructions adapted from other sources to work with openSUSE Tumbleweed and Leap.
This is a quick how to on setting up computers with pre-shared keys. This is for added security when accessing machines remotely over Secure Shell. For me, this is mostly for convenience, at least, the way I am setting it up.
A pre-shared key setup allows you to login to Secure Shell Login (SSH) to a server without the need for a password. Optionally, you can use this to allow access only to those users who can display the valid key to the server. This is generally considered the most secure way to use SSH to access remote machines.
Create your Public and Private Key Pair
Begin at the client machine from which you do your work. Open a terminal and enter this:
ssh-keygen -t rsa
Warning: If you do not passphrase-protect your key than anyone gaining access to your client machine will automatically have access to the remote machine with this key.
This will create two files in your ~/.ssh directory:
id_rsa is your private key. This one stays on your client machine.
id_rsa.pub is your public key. This key you copy to the server(s).
Copy the Public Key to Your Server(s):
Now you need to add the public key to the server or servers that you want to be able to access using the pre-shared keys. For this example, replace “user” with the targeted user name and “hostname” with the actual hostname (or IP address) of the target system. This example is using Secure Copy (SCP) to transfer the files. SCP uses the same authentication as SSH.
scp id_rsa.pub user@hostname:/home/user/
Now login to the target server using SSH and add it to the authorized_keys list:
cat id_rsa.pub >> ~/.ssh/authorized_keys
Give it a Test Run
Now you should be able to log into the server and if you didn’t enter a passphrase for the shared key, you won’t be prompted for a password. SSH will first try to authenticate using your keys. If no keys are found or authentication fails, then SSH will attempt to use conventional password authentication.
Optionally, once you’ve checked you can successfully login to the server using your public/private key pair, you can disable password authentication altogether here:
Pre-shared key is a very convenient way to manage your home systems, I use this method, primarily out of convenience and ease for automating other processes. Added convenience and security is most certainly a win.