
LAB-SEC-03 - SSH Key Authentication

Generate an SSH key pair, authorize the public key, and verify key-based login before changing server authentication settings.

35 min · INTERMEDIATE · LINUX · Field-verified

Success criteria
  • Generate an SSH key pair, authorize the public key, and verify key-based login before changing server authentication settings.
  • Repeat the workflow without copy-paste or step-by-step prompting.
Safety notes
  • Never share the private key, and verify key-based access works before disabling password authentication on a real host.

Part A: The Field Guide


What This Lab Is Really About

SSH keys improve remote access because they replace reusable passwords with a stronger authentication mechanism.

The main habits are:

  • generate the pair safely
  • keep the private key private
  • place the public key where the server expects it
  • test the login before making SSH stricter

Command Reference

Common SSH key workflow

ssh-keygen -t ed25519 -C "practice_key"
ssh-copy-id -i ./custom_key.pub localhost
ssh -i ./custom_key localhost


Part B: The Drill Deck

Terminal required: use a local or disposable environment for the first practice.


Guided: step by step - type exactly this and compare the result

Exercise G1: Generate a Practice Key Pair

  1. Go to your home directory: cd ~
  2. Generate a key pair:
     ssh-keygen -t ed25519 -C "dojo_practice_key"
  3. When asked where to save it, do not overwrite your normal key. Save it as:
     ./custom_key
  4. Complete the prompts.

Exercise G2: Inspect the Pair Safely

  1. List the files:
     ls -l custom_key*
  2. Confirm that you have:
    • a private key file
    • a .pub public key file
  3. Read only the public key file if you want to inspect the format:
     cat custom_key.pub

Exercise G3: Authorize the Public Key

  1. In a local practice setup, copy the public key to localhost:
     ssh-copy-id -i ./custom_key.pub localhost
  2. Follow the prompts.
  3. Confirm that the key was added successfully.

Solo: task described, hints available - figure it out

Exercise S1: Test Key-Based Login

  1. Log into localhost with the specific key:
     ssh -i ./custom_key localhost
  2. Confirm that the login works.
  3. Exit back to your normal shell.

Exercise S2: Inspect the Authorization File

  1. Read the authorized-keys file:
     cat ~/.ssh/authorized_keys
  2. Confirm that your public key was added.

Mission: real scenario - no hints, combine multiple skills

Mission M1: Explain the Safe Hardening Order

Imagine you are about to set PasswordAuthentication no on a real server.

Write down the safe order:

  1. generate or obtain the key pair
  2. place the public key on the server
  3. test key login in a separate session
  4. only then change SSH authentication settings

If you can explain why that order prevents lockout, the mission is complete.
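
Steps 2 and 3 of the safe order can be checked mechanically before step 4. The script below is an added example, not part of the original lab; the function names and the default authorized_keys path are assumptions, and the file checks assume it runs on the server itself (localhost in this lab).

```shell
#!/bin/sh
# Added example, not part of the lab. Run it on the server being hardened
# (localhost in this lab). Assumed default: ~/.ssh/authorized_keys.

# True if the key in pubfile (type + base64 blob, comment ignored) is in authfile.
key_is_authorized() {
    want=$(awk 'NF >= 2 { print $1, $2; exit }' "$1") || return 1
    [ -n "$want" ] || return 1
    awk -v want="$want" '
        /^[ \t]*#/ { next }   # skip comment lines
        # scan adjacent field pairs so entries with leading options still match
        { for (i = 1; i < NF; i++) if (($i " " $(i + 1)) == want) found = 1 }
        END { exit !found }' "$2"
}

# True if path exists and is not writable by group or others; sshd's
# StrictModes refuses keys from files or directories with looser modes.
not_loosely_writable() {
    mode=$(ls -ld "$1" 2>/dev/null | cut -c6,9)
    [ -n "$mode" ] || return 1
    case $mode in *w*) return 1 ;; esac
}

# True if login succeeds with this key alone: no other agent keys, no password prompt.
key_only_login_works() {
    ssh -i "$1" -o IdentitiesOnly=yes -o BatchMode=yes \
        -o PreferredAuthentications=publickey -o PasswordAuthentication=no \
        -o ConnectTimeout=5 "$2" true
}

# usage: preflight ./custom_key localhost [authorized_keys path]
preflight() {
    key=$1; host=$2; auth=${3:-$HOME/.ssh/authorized_keys}
    key_is_authorized "$key.pub" "$auth" ||
        { echo "FAIL: $key.pub is not listed in $auth"; return 1; }
    for p in "$auth" "$(dirname "$auth")"; do
        not_loosely_writable "$p" ||
            { echo "FAIL: $p is missing or group/world writable"; return 1; }
    done
    key_only_login_works "$key" "$host" ||
        { echo "FAIL: key-only login to $host did not succeed"; return 1; }
    echo "OK: key-only login verified; PasswordAuthentication can now be changed"
}

if [ "$#" -ge 2 ]; then preflight "$@"; fi
```

BatchMode disables all prompts, so a key protected by a passphrase must be loaded into ssh-agent before running the login check.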