Setting up public key authentication over SSH

applelinuxmisc

Every time I want to setup public key authentication over SSH, I have to look it up, and I've never found a simple guide, so here's mine.

Generate key on local machine

ssh-keygen -t rsa

It will ask you for a password but you can leave it blank.

Note you could also pick -t dsa if you prefer.

Ensure that the remote server has a .ssh directory

Make sure the server your connecting to has a .ssh directory in your home directory. If it doesn't exist you can run the ssh-keygen command above, and it will create one with the correct permissions.

Copy your local public key to the remote server

If your remote server doesn't have a file called ~/.ssh/authorized_keys2 then we can create it. If that file already exists, you need to append to it instead of overwriting it, which the command below would do:

scp ~/.ssh/id_rsa.pub remote.server.com:.ssh/authorized_keys2

Now ssh to the remote server

Now you can ssh to the remote server without entering your password.

Security

Now keep in mind that all someone needs to login to the remote server, is the file on your local machine ~/.ssh/id_rsa, so make sure it is secure.



Related Entries

38 people found this page useful, what do you think?

Trackbacks

Trackback Address: 532/EABFAC8EEFCABC97AF32A72ADCFEA39A

Comments

On 06/19/2006 at 9:27:42 AM UTC Nav wrote:
1
I followed the instructions but when i try to access the server ssh remote-server it is still asking for a passowrd. Does the username on the localmachine and the remote need to match.

Thanks a million Nav

On 09/15/2006 at 10:47:37 AM UTC dan wrote:
2
I too followed the instructions and have to still enter a password =(

any help would be appreciated.

thanks, Dan

On 10/02/2006 at 6:21:12 AM UTC Alex wrote:
3
You need authorization and identification files created there as well... identification contains line like IdKey _private_key_file_name_here_

authorization contains line like Key _private_key_file_name_here_

HTH, Alex

On 10/09/2006 at 2:53:41 PM UTC Steven Ross wrote:
4
Instead of doing the scp try this (worked for me):

cat ~/.ssh/id_dsa.pub | ssh someguy@somesite.com "cat - >> ~/.ssh/authorized_keys"

On 10/09/2006 at 8:42:24 PM UTC Nav wrote:
5
As the tutorial says run ssh-keygen command if .ssh doesnt exist in your home directory on the server. It didnt work when i created .ssh myself.

On 12/16/2006 at 1:04:01 PM UTC Jonathan Haddad wrote:
6
Thanks for the simple, straightforward tutorial. I hate looking through pages of text just to find out how to do something simple.

On 05/03/2007 at 3:53:20 AM UTC Adrian wrote:
7
it's work.. example is very simple to understand

On 09/17/2007 at 8:38:49 PM UTC Mick wrote:
8
Hi, Thanks for a quick simple guide. I understood what I needed to do, just couldn't find a quick simple guide on doing it until I saw this. Great work.

On 09/25/2007 at 2:25:12 PM UTC Ernesto Espinosa wrote:
9
I do not know if this command is available for Apple systems but most linux distros have a very quick way to do the "Copy your local public key to the remote server" step. ssh-copy-id -i id_rsa.pub user@host

On 01/28/2008 at 3:09:41 PM UTC Greatful wrote:
10
Worked like a charm on Leopard, thanks!

On 03/01/2008 at 3:17:46 AM UTC anon wrote:
11
if it doesn't work, perhaps you need to reconfigure the /etc/ssh/ssh_config file for Public Key authentication

On 04/02/2008 at 12:50:28 AM UTC Chris wrote:
12
For those who find it still asks for a password, one thing this tutorial forgets is that on the server you need to ensure the permissions of ~/.ssh and ~/.ssh/authorized_keys are secure:

server$ chmod 700 ~/.ssh server$ chmod 600 ~/.ssh/authorized_keys

That should sort out most problems. More info here: http://sial.org/howto/openssh/publickey-auth/

On 04/02/2008 at 12:51:15 AM UTC Chris wrote:
13
Whoops, there should have been a line-break there:

server$ chmod 700 ~/.ssh server$ chmod 600 ~/.ssh/authorized_keys

On 04/05/2008 at 7:23:07 AM UTC Lottor wrote:
14
How would i go about doing this in a php script.

So all i have to do is like input machine details and have it send the ssh key over to the remote machine automatically. i can code it in just having a problem, when i run scp filename user@ip:.ssh . How do i send the password via the php script when it asks. I tried doing a system command with the password but it doesn't work. Nor does it produce any kinda output.

I am using the System() Php Function.

On 05/07/2008 at 11:08:05 PM UTC Appreciative wrote:
15
Came here after following other directions that didn't work.

On 10/08/2008 at 11:59:47 AM UTC imneo wrote:
16
here is script that does it for you automatically

http://www.ssh-key-authentication.com

On 01/10/2009 at 4:19:18 PM UTC JT wrote:
17
Worked for me only after I ran on the host, even though there was already a .ssh directory. Great tutorial. Thanks!

On 03/20/2009 at 5:49:15 AM UTC linuxadmin wrote:
18
Hi, if you want to configure ssh passwordless authentication,we can use following articale http://online-linux.blogspot.com/2009/03/enable-passwordless-authentication-with.html

On 03/30/2009 at 10:56:25 AM UTC Jose Luis wrote:
19
Very good tutorial, straight to the point. I've used and worked without problems

On 05/17/2009 at 5:55:35 AM UTC Ptolemy wrote:
20
Many thanks for the tutorial. It was easy to follow and to the point.

On 06/09/2009 at 5:08:13 AM UTC Kaan wrote:
21
This works... Thank you, it used to be soo complex for me before, now I can login all my servers.

On 07/23/2009 at 8:42:06 AM UTC Anonymous wrote:
22
Thanks allot it works fine for me.

On 11/06/2009 at 3:17:41 AM UTC harry wrote:
23
there is nothing really private in the authorized_keys file because, in fact, its a public key so there is no need for that chmod

On 01/03/2010 at 11:23:00 PM UTC Phil wrote:
24
This is by far the best guide I've seen. I too get confused by other guides.

On 02/03/2010 at 11:14:12 AM UTC Anonymous wrote:
25
DANGEROUS command!

It will overwrite already excising keys on the destination server.

ssh_copy_id user@remote.server.com is the best way

On 02/03/2010 at 11:15:17 AM UTC Anonymous wrote:
26
err: ssh-copy-id

On 02/14/2010 at 3:42:10 PM UTC Rhys wrote:
27
Good guide, but found the file on server needed to be authorized_keys (not authorized_keys2).

Also, in response to harry who commented that there is no need to secure the file because it's a public key: You absolutely need to make sure this file is at least not writable by any other users (or they can simply append their keys to the file). As for why it shouldn't be readable by other users, that's just the first rule of security. If they don't need access, they don't have access.

On 03/26/2010 at 6:38:50 AM UTC Alex Gibbons wrote:
28
Thanks Harry, this was just the quick reference I was looking for. Like Rhys though, I was wondering why you used authorized_keys2, rather than authorized_keys?

Anyway, cheers.

On 03/29/2010 at 11:25:03 AM UTC Anonymous wrote:
29
To those that still receive the password prompt. Make sure you are specifying the private key rather than the public key when logging in.

On 05/03/2010 at 11:58:36 PM UTC simon wrote:
30
thanks for posting this - worked great for me after spending 15 min googling in circles..

On 11/19/2010 at 8:16:33 AM UTC Oleg wrote:
31
Correcct command scp ~/.ssh/id_rsa.pub remote.server.com:~/.ssh/authorized_keys2

On 12/01/2010 at 9:37:04 AM UTC jeroen wrote:
32
Thanks for the guide!It helped me out realy well...

On 12/28/2010 at 3:50:48 PM UTC JerryLR wrote:
33
The 1st factor which is noticed concerning the Spanish Language course will be the tediousness of the lessons. The vocabulary words are given in blocks of 4 for ease of memorization, but they're repeated continually throughout the rest of the plan. Sadly, the monotony of the plan can trigger a user to drift off throughout the course of the lesson and miss some crucial points.

On 01/03/2011 at 6:28:21 PM UTC masen wrote:
34
pete you're right, I always have to look this up too. thankfully your page is first on google for: ssh public key auth

On 02/09/2011 at 12:45:02 PM UTC kcjaph wrote:
35
I always forget how to do this.. worked first shot! Thanks!

On 02/23/2011 at 4:59:12 PM UTC delta1 wrote:
36
if you don't reboot you probably need to ssh-add after doing ssh-keygen

On 03/01/2011 at 10:45:49 PM UTC Neil wrote:
37
Thanks Chris, Having the right permission of 600 and 700 definitely fixed the issue.

"For those who find it still asks for a password, one thing this tutorial forgets is that on the server you need to ensure the permissions of ~/.ssh and ~/.ssh/authorized_keys are secure:

server$ chmod 700 ~/.ssh server$ chmod 600 ~/.ssh/authorized_keys

That should sort out most problems. More info here: http://sial.org/howto/openssh/publickey-auth/ "

On 03/02/2011 at 5:34:47 PM UTC tim smy wrote:
38
not sure that I have done this correct I have the keys in /home/admin/.shh/authorized_keys what goes in the /etc/sshd_config file and where does it go please I have chmod 600 the files in .ssh

thanks tim

On 03/18/2011 at 3:18:37 AM UTC aeht wrote:
39
Worked on my Snow Leopard install and Fedora Linux box. BUT, needed to do this to get it to work - thanks Niel!

server$ chmod 700 ~/.ssh server$ chmod 600 ~/.ssh/authorized_keys

On 04/29/2011 at 5:52:20 AM UTC Jayaprakash wrote:
40
make sure the permissions for ./ssh - 700 ~/.ssh/authorized_keys - 644

On 05/12/2011 at 7:39:52 AM UTC gaspard wrote:
41
sial.org/howto/openssh/publickey-auth/ isn't anymore, i stored an archive of the page here : http://freelancis.net/ressources/ssh/pka

On 07/14/2011 at 7:46:06 PM UTC Gero wrote:
42
Dude, what do you mean when you say ~/.ssh/authorized_keys2? It should be "authorized_keys" without the "2".

And as some of the other guys pointed out: Be careful not to overwrite an existing file, but concat the new public key to the end of it, e.g. with cat ... >>.

On 08/14/2011 at 4:12:02 PM UTC Frank wrote:
43
Thanks for the instructions, works very good!

On 10/20/2011 at 5:49:52 PM UTC Peter wrote:
44
guys,

regarding authorized_keys or authorized_keys2 .. please check your sshd server config file , i.e. /etc/ssh/sshd_config , prameter AuthorizedKeysFile. It will tell you what file your sshd server is using:)))

On 08/02/2012 at 2:57:28 PM UTC Anonymous wrote:
45
On server1 zue$ ssh zue@server2 ----- working

root$ ssh root@server2 ----- not working

Post a Comment




  



Spell Checker by Foundeo

Recent Entries



foundeo


did you hack my cf?