The motive for using public/private key authentication are:
- Firstly for convinience, you no longer need to enter password (unless you encrypt your keys with password protected).
- Secondly, ones setup, you can remove password protection, which is a big cracking hole.
The remote user needs to exist on the remote server. If it does not. Create it. And at least LOGIN ONES, so that it's home directory is created. Otherwise you can eagerly created the home directory when you add the user.
Here I will use the existing user root, for simplicity.
Generate public and private keys, with NO password protection. I will here use the RSA algorithm and key length 2048 bits.
Next make sure that the ssh key directory and private key has proper file permission
The last step is to copy the client public key to the server. You can either do that manually, or with the ssh-copy-id tool. Here I will use the tool.
If you were setting up public/private key authentication for a different user, please replace root in above command with you user.
On the server side, open /etc/ssh/sshd_config and enable public/private key authentication
Then restart the ssh daemon service.
And finally verify that the keys directory and files have the proper file permission and SELinux type for your user.
Finally you need to test, to verify the installation. On the client machine switch to the user you had setup for and