OpenSSH | Password-less remote login with private/public keys

OpenSSH | Password-less remote login with private/public keys

When accessing remote servers, you often do not want to type out your password ever time.  In order to avoid this you need to set up public and private keys.  These keys will authenticate you and will allow you to login to remote server with out the need to type in your password.

To get started, on your local machine run ssh-keygen command.  This command will generate your public and private key files.  It will first ask you for the location of where you want to save the key.  It will give you a default file name of ~/.ssh/id_rsa and this is the default file name that the ssh program will look at for a private key if none are specified as a command line argument.  Unless you only have one server to connect to, change this name to something else but keep the file inside of your ~/.ssh directory.  I usually choose the file name to be the name of the remote server.  So, for example if I am going to be creating keys for, I would start off by doing the following:

It will then ask you for a passphrase, just press enter and and then when it asks for the same passphrase again just press enter again.

It will then display some information on the screen and return you to your command prompt.

Now, if you look inside your ~/.ssh file you will see your public and private key, your public key ends in .pub.

Notice how the permissions on the files are set.  The private key foo is only readable and writable by you, however everyone can read your public key.

The next step is to transfer your public key to the remote sever, so for this example we want to transfer ~/.ssh/ to the remote server.

I simply use the scp command giving it the location of my local file and then the user@hostname:path.

In order for the remote server to know which keys are allowed, the public keys need to be placed in the file ~/.ssh/authorized_keys2, to do this we can run ssh and then give it a remote command to run.

The above command tells the ssh command to first login to the remote server and then cat out our public key and append it to the authorized_keys2 file.

After this, we should be all set. If you run into any issues with the authorized_keys2 file, check its permissions and  make sure that its only readable and writable by you and no one else.

Finally, to login to the server we run the same ssh command as before but we pass it out private key as a command line argument.

This can be made even simpler by creating a ~/.ssh/config file and specifying a server alias with a associated identity file (private key).  Take a look at my previous post to read about how to do that.

Comments are closed.