Setting up public key authentication for SSH

Posted by GradysGhost on Jan 24, 2011 4:42 AM EDT
Linuxphilia; By Ryan J. Jung
Mail this story
Print this story

If you're like me, you remote into a handful of servers using SSH all the time. The process is fairly simple: Get to a terminal, ssh username@hostname, Type password, Get to work.. No, it's not terribly difficult, but when you have to type that password fifty times per day, you begin to realize that it's time-consuming and repetitive. And there happens to be a way to eliminate that step from the process.

If you're like me, you remote into a handful of servers using SSH all the time. The process is fairly simple:

Get to a terminal ssh username@hostname Type password Get to work No, it's not terribly difficult, but when you have to type that password fifty times per day, you begin to realize that it's time-consuming and repetitive. And there happens to be a way to eliminate that step from the process.

The SSH protocol supports authentication by public keys, and setting this up is a trivial matter. The configuration process goes something like this:

Generate a key for your client system Put it on the server One prerequisite: your SSH server must have public key authentication enabled. This is usually the case by default, but if you want to check, you can look in your /etc/ssh/sshd_config file. Try this:

grep 'PubkeyAuth' /etc/ssh/sshd_config

If the output is

PubkeyAuthentication yes

then you're safe to continue. Otherwise, you'll have to make the change in that file and restart the SSH server. There are a few ways to accomplish this, and I won't go into them here because it's not the point.

The point is that once this is ready, you can create your RSA key on the client machine. This is the first step toward getting this done. On the client machine, run

ssh-keygen -t rsa

You'll be asked for a filename. Just press enter to accept the default, which is probably ~/.ssh/id_rsa

You'll also be asked for a passphrase. You can use this optionally. If the point is to eliminate having to enter a password with every SSH connection, it's best to supply no passphrase. You'll also be asked to confirm it.

When done, you'll get a printout of your fingerprint and you'll return to a prompt.

Now we need to check this file's permissions. We don't want any other users to be able to read this pubkey file lest they compromise your authentication.

chmod 600 ~/.ssh/id_rsa.pub

Finally, copy your public key to the server as a specific filename.

scp ~/.ssh/id_rsa.pub username@server:~/.ssh/authorized_keys

Make sure the authorized_keys file has the same permissions so it won't be compromised.

The next time you log in from this client machine, you won't be asked for your password.

Full Story

  Nav
» Read more about: Story Type: Tutorial; Groups: Linux

« Return to the newswire homepage

Subject Topic Starter Replies Views Last Post
Security is Inconvenient. Bob_Robertson 12 883 Feb 2, 2011 12:11 PM

You cannot post until you login.