63

How do I set up Public-Key Authentication for SSH?

Amir
Eldila

2 Answers

107

If you have SSH installed, you should be able to run:

ssh-keygen

Then go through the steps; you'll have two files, id_rsa and id_rsa.pub (the first is your private key, the second is your public key - the one you copy to remote machines).

Then, connect to the remote machine you want to log in to, and add the contents of your id_rsa.pub file to the file ~/.ssh/authorized_keys.

Oh, and chmod 600 all the id_rsa* files (both locally and remote), so no other users can read them:

chmod 600 ~/.ssh/id_rsa*

Similarly, ensure the remote ~/.ssh/authorized_keys file is chmod 600 also:

chmod 600 ~/.ssh/authorized_keys

Then, when you do ssh remote.machine, it should ask you for the key's password, not the remote machine's.


To make it nicer to use, you can use ssh-agent to hold the decrypted keys in memory - this means you don't have to type your keypair's password every single time. To launch the agent, you run (including the back-tick quotes, which eval the output of the ssh-agent command):

eval `ssh-agent`

On some distros, ssh-agent is started automatically. If you run echo $SSH_AUTH_SOCK and it shows a path (probably in /tmp/), it's already set up, so you can skip the previous command.

Then to add your key, you do

ssh-add ~/.ssh/id_rsa

and enter your passphrase. It's stored until you remove it (using the ssh-add -D command, which removes all keys from the agent).

dbr
  • 4
    If you have to create the .ssh folder don't set it to 600 like me or you're gonna have a bad time. Instead set it to 700. :-) – Ray Hulha Feb 21 '14 at 14:04
  • Can I log in from an unknown machine using the private key that was generated for a known/configured client to communicate to the server? I mean, is this private key portable & could it be used to authenticate myself to the server from other machines, in case of emergency needs? – Rajat Gupta Feb 28 '14 at 08:33
  • 2
    @user01 Yes, you can copy the private key to multiple systems and access another server that has the corresponding public key. – Charlie Gorichanaz Feb 28 '14 at 09:14
  • @Charlie Gorichanaz: Is it also the other way round, like could I generate a key pair on server & use generated public key on all the other machines that I want to connect to this server ? – Rajat Gupta Feb 28 '14 at 09:46
  • 2
    Uploading public key to remote machine can also be handled by `ssh-copy-id [-i identity] [user@]host` executed on local machine. – Jan Blechta May 18 '14 at 14:52
  • @user01 if you generate a key pair on server and copy the public key to other machines, then you’ll only be able to log in _from the server to those machines,_ not the other way round. – törzsmókus Dec 04 '14 at 15:02
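
An added example, not part of the answer or comments above: a POSIX shell function that checks a ~/.ssh directory against the modes mentioned there (700 on the directory, 600 on private keys and authorized_keys) and can repair them. The names check_ssh_perms and mode_of are made up for this example; it covers any id_* key and skips *.pub files, since public keys are not secret.

```shell
#!/bin/sh
# Usage: check_ssh_perms [DIR] [fix]    (DIR defaults to ~/.ssh)
# Prints one line per finding; returns 0 if clean, 1 if anything was wrong.

# Mode string of a path (e.g. "-rw-------"), taken from POSIX `ls -ld`.
mode_of() {
    ls -ld -- "$1" | cut -c1-10
}

check_ssh_perms() {
    dir=${1:-"$HOME/.ssh"}
    fix=${2:-}
    bad=0

    if [ ! -d "$dir" ]; then
        echo "MISSING $dir"
        return 1
    fi

    # The directory needs rwx for the owner only (700). Mode 600 drops the
    # search bit, so the files inside it can no longer be opened.
    if [ "$(mode_of "$dir")" != "drwx------" ]; then
        echo "BAD $(mode_of "$dir") $dir (want 700)"
        bad=1
        if [ "$fix" = fix ]; then chmod 700 "$dir"; fi
    fi

    # Private keys and authorized_keys: owner read/write only (600).
    for f in "$dir"/id_* "$dir"/authorized_keys; do
        [ -f "$f" ] || continue
        case $f in *.pub) continue ;; esac   # public half, not secret
        case $(mode_of "$f") in
            -rw-------) ;;
            *)
                echo "BAD $(mode_of "$f") $f (want 600)"
                bad=1
                if [ "$fix" = fix ]; then chmod 600 "$f"; fi
                ;;
        esac
    done
    return $bad
}
```

Source the file, then run `check_ssh_perms` on both the local and the remote machine; pass `fix` as the second argument to apply the chmod calls.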
5

For Windows this is a good introduction and guide.

Here are some good ssh-agents for systems other than Linux.

roo