How do I setup Public-Key Authentication? [closed]

U

2

63

How do I setup Public-Key Authentication for SSH?

Unexampled answered 10/8, 2008 at 17:50 Comment(0)

C

108

If you have SSH installed, you should be able to run..

ssh-keygen

Then go through the steps, you'll have two files, id_rsa and id_rsa.pub (the first is your private key, the second is your public key - the one you copy to remote machines)

Then, connect to the remote machine you want to login to, to the file ~/.ssh/authorized_keys add the contents of your that id_rsa.pub file.

Oh, and chmod 600 all the id_rsa* files (both locally and remote), so no other users can read them:

chmod 600 ~/.ssh/id_rsa*

Similarly, ensure the remote ~/.ssh/authorized_keys file is chmod 600 also:

chmod 600 ~/.ssh/authorized_keys

Then, when you do ssh remote.machine, it should ask you for the key's password, not the remote machine.

To make it nicer to use, you can use ssh-agent to hold the decrypted keys in memory - this means you don't have to type your keypair's password every single time. To launch the agent, you run (including the back-tick quotes, which eval the output of the ssh-agent command)

`ssh-agent`

On some distros, ssh-agent is started automatically. If you run echo $SSH_AUTH_SOCK and it shows a path (probably in /tmp/) it's already setup, so you can skip the previous command.

Then to add your key, you do

ssh-add ~/.ssh/id_rsa

and enter your passphrase. It's stored until you remove it (using the ssh-add -D command, which removes all keys from the agent)

Concepcionconcept answered 12/8, 2008 at 18:13 Comment(6)

If you have to create the .ssh folder don't set it to 600 like me or you're gonna have a bad time. Instead set it to 700. :-) – Ulu 21/2, 2014 at 14:4

Can I login from unknown machine using the private key that was generated for known/configured client to communicate to server? I mean, is this private key portable & could be used to authenticate myself to server from other machines, in case of emergency needs ?? – Dormeuse 28/2, 2014 at 8:33

@user01 Yes, you can copy the private key to multiple systems and access another server that has the corresponding public key. – Isoagglutination 28/2, 2014 at 9:14

@Charlie Gorichanaz: Is it also the other way round, like could I generate a key pair on server & use generated public key on all the other machines that I want to connect to this server ? – Dormeuse 28/2, 2014 at 9:46

Uploading public key to remote machine can also be handled by ssh-copy-id [-i identity] [user@]host executed on local machine. – Flagging 18/5, 2014 at 14:52

@user01 if you generate a key pair on server and copy the public key to other machines, then you’ll only be able to log in from the server to that machines, not the other way round. – Langur 4/12, 2014 at 15:2

M

5

For windows this is a good introduction and guide

Here are some good ssh-agents for systems other than linux.

Windows - pageant
OS X - SSHKeychain

Maltzman answered 11/8, 2008 at 2:1 Comment(0)

Recommended topics

Hot tags