Pete Freitag Pete Freitag

Setting up public key authentication over SSH

Updated on May 27, 2020
By Pete Freitag
linuxmiscapple

Every time I want to setup public key authentication over SSH, I have to look it up, and I've never found a simple guide, so here's mine.

Generate key on local machine

ssh-keygen -t rsa

It will ask you for a password but you can leave it blank.

Note you could also pick -t dsa if you prefer.

Ensure that the remote server has a .ssh directory

Make sure the server your connecting to has a .ssh directory in your home directory. If it doesn't exist you can run the ssh-keygen command above, and it will create one with the correct permissions.

Copy your local public key to the remote server

If your remote server doesn't have a file called ~/.ssh/authorized_keys2 then we can create it. If that file already exists, you need to append to it instead of overwriting it, which the command below would do:

scp ~/.ssh/id_rsa.pub remote.server.com:.ssh/authorized_keys2

Now ssh to the remote server

Now you can ssh to the remote server without entering your password.

Security

Now keep in mind that all someone needs to login to the remote server, is the file on your local machine ~/.ssh/id_rsa, so make sure it is secure.

To keep up to date on the latest OpenSSH vulnerabilities, try stack.watch.



ssh authentication rsa unix

Setting up public key authentication over SSH was first published on January 18, 2006.

If you like reading about ssh, authentication, rsa, or unix then you might also like:

Weekly Security Advisories Email

Advisory Week is a new weekly email containing security advisories published by major software vendors (Adobe, Apple, Microsoft, etc).

Comments

I followed the instructions but when i try to access the server
ssh remote-server it is still asking for a passowrd. Does the username on the localmachine and the remote need to match.

Thanks a million
Nav
by Nav on 06/19/2006 at 9:27:42 AM UTC
Instead of doing the scp try this (worked for me):

cat ~/.ssh/id_dsa.pub | ssh [email protected] "cat - >> ~/.ssh/authorized_keys"
by Steven Ross on 10/09/2006 at 2:53:41 PM UTC
Thanks for the simple, straightforward tutorial. I hate looking through pages of text just to find out how to do something simple.
by Jonathan Haddad on 12/16/2006 at 1:04:01 PM UTC
I do not know if this command is available for Apple systems but most linux distros have a very quick way to do the "Copy your local public key to the remote server" step.
ssh-copy-id -i id_rsa.pub user@host
by Ernesto Espinosa on 09/25/2007 at 2:25:12 PM UTC
How would i go about doing this in a php script.

So all i have to do is like input machine details and have it send the ssh key over to the remote machine automatically. i can code it in just having a problem, when i run scp filename user@ip:.ssh . How do i send the password via the php script when it asks. I tried doing a system command with the password but it doesn't work. Nor does it produce any kinda output.

I am using the System() Php Function.
by Lottor on 04/05/2008 at 7:23:07 AM UTC
Worked for me only after I ran on the host, even though there was already a .ssh directory. Great tutorial. Thanks!
by JT on 01/10/2009 at 4:19:18 PM UTC
Very good tutorial, straight to the point. I've used and worked without problems
by Jose Luis on 03/30/2009 at 10:56:25 AM UTC
Good guide, but found the file on server needed to be authorized_keys (not authorized_keys2).

Also, in response to harry who commented that there is no need to secure the file because it's a public key: You absolutely need to make sure this file is at least not writable by any other users (or they can simply append their keys to the file). As for why it shouldn't be readable by other users, that's just the first rule of security. If they don't need access, they don't have access.
by Rhys on 02/14/2010 at 3:42:10 PM UTC
Thanks Harry, this was just the quick reference I was looking for. Like Rhys though, I was wondering why you used authorized_keys2, rather than authorized_keys?

Anyway, cheers.
by Alex Gibbons on 03/26/2010 at 6:38:50 AM UTC
Correcct command
scp ~/.ssh/id_rsa.pub remote.server.com:~/.ssh/authorized_keys2
by Oleg on 11/19/2010 at 8:16:33 AM UTC
The 1st factor which is noticed concerning the Spanish Language course will be the tediousness of the lessons. The vocabulary words are given in blocks of 4 for ease of memorization, but they're repeated continually throughout the rest of the plan. Sadly, the monotony of the plan can trigger a user to drift off throughout the course of the lesson and miss some crucial points.
by JerryLR on 12/28/2010 at 3:50:48 PM UTC
not sure that I have done this correct I have the keys in /home/admin/.shh/authorized_keys
what goes in the /etc/sshd_config file and where does it go please
I have chmod 600 the files in .ssh

thanks
tim
by tim smy on 03/02/2011 at 5:34:47 PM UTC
Worked on my Snow Leopard install and Fedora Linux box. BUT, needed to do this to get it to work - thanks Niel!

server$ chmod 700 ~/.ssh server$ chmod 600 ~/.ssh/authorized_keys
by aeht on 03/18/2011 at 3:18:37 AM UTC
make sure the permissions for
./ssh - 700
~/.ssh/authorized_keys - 644
by Jayaprakash on 04/29/2011 at 5:52:20 AM UTC
sial.org/howto/openssh/publickey-auth/ isn't anymore, i stored an archive of the page here : http://freelancis.net/ressources/ssh/pka
by gaspard on 05/12/2011 at 7:39:52 AM UTC
guys,

regarding authorized_keys or authorized_keys2 .. please check your sshd server config file , i.e. /etc/ssh/sshd_config , prameter AuthorizedKeysFile. It will tell you what file your sshd server is using:)))
by Peter on 10/20/2011 at 5:49:52 PM UTC