Updated on October 16, 2016
SSH Key Authentication
If you work with SSH a lot, it is useful to generate a keypair and set up the public key on your remote server, so you can log in without entering a password every time you connect.
A keypair consists of 2 files. By default they are located in ~/.ssh and are called:
- id_rsa (private key; never give this to anyone, and never put it in any public location)
- id_rsa.pub (public key; this key is meant to be configured on the server you would like to access)
Step 1. Generating a keypair with ssh-keygen:
If you don’t have a keypair yet, or want to generate a new one for this specific server, open a terminal, type ssh-keygen and press enter.
Note: If you already have a keypair, don’t use the default location, or it will replace your current private & public key.
Enter the filename under which you would like to save the key and press enter; I’m using test for this demo.
After this you will be prompted to add a passphrase. This is optional, but a passphrase keeps the private key encrypted on disk, so a copied key file is not usable on its own.
As you can see, my test keypair has been generated.
To be able to connect to your server without a password next time, we need to get the contents of the public key and add it to the authorized_keys file on the server.
On your client terminal you can use cat to output the public key contents:
Just copy and paste the output.
Log in to your server as you normally would (with your credentials) and paste the public key into ~/.ssh/authorized_keys. If the file doesn’t exist, it will be created by calling
whatever you prefer 🙂
To double-check that your server config is set up correctly, you can open the config file sshd_config with vim or nano (if you can’t find it, use locate sshd_config).
The following lines should be present in the config file:
If they are not, you can add them at the bottom and restart your sshd server with the following command:
- If you used a different name for your public and private key (so not the default id_rsa), you will need to add an entry to your ~/.ssh/config so the terminal knows which identity file to use for your server.
an entry would look like:
Note that you point to the private keyfile here.
- If you are having trouble using your keys, make sure your private keyfile is readable and writable only by you (chmod 600 ~/.ssh/id_rsa); ssh ignores a private key that other users can read.
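
The server-side paste step and the permission tip above, as an added shell example (not from the original post). The function names install_pubkey, mode_of and private_key_ok and the sample key are constructed for illustration; the demo runs in a throwaway directory rather than your real ~/.ssh.

```shell
#!/bin/sh
# Added example; function names and the sample key are constructed.

# mode_of PATH: print the permission string, e.g. "-rw-------".
mode_of() { ls -ld "$1" | cut -c1-10; }

# install_pubkey SSH_DIR PUBKEY_LINE
# Append one public key line to SSH_DIR/authorized_keys, once, with the
# directory at 700 and the file at 600.
install_pubkey() {
    ssh_dir=$1 key=$2 auth="$1/authorized_keys"
    nl='
'
    # Accept only a single "type base64 [comment]" line; this also rejects
    # a private key pasted by mistake (it starts with "-----BEGIN").
    case $key in
        *"$nl"*) echo "expected one line" >&2; return 1 ;;
        ssh-rsa\ *|ssh-ed25519\ *|ecdsa-sha2-*\ *) ;;
        *) echo "not a public key line" >&2; return 1 ;;
    esac
    mkdir -p "$ssh_dir" && chmod 700 "$ssh_dir" || return 1
    touch "$auth" && chmod 600 "$auth" || return 1
    # If the file lacks a trailing newline, add one so keys do not merge.
    if [ -s "$auth" ] && [ -n "$(tail -c 1 "$auth")" ]; then echo >> "$auth"; fi
    # -x whole line, -F fixed string: append only if not already present.
    grep -qxF -- "$key" "$auth" || printf '%s\n' "$key" >> "$auth"
}

# private_key_ok PATH: succeed only if group and others have no access,
# which is what chmod 600 (or 400) gives you.
private_key_ok() {
    case $(mode_of "$1") in
        -r[w-]-------) return 0 ;;
        *) return 1 ;;
    esac
}

# Demo in a throwaway directory with a constructed, non-functional key.
demo=$(mktemp -d)
install_pubkey "$demo/.ssh" "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABconstructedSAMPLE test@client"
mode_of "$demo/.ssh/authorized_keys"
rm -rf "$demo"
```

Running install_pubkey twice with the same key leaves a single entry, so it is safe to repeat when you are unsure whether the key was already added.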