Secure Shell (SSH) public key authentication can be used by a client to access servers, if properly configured. Password free logins benefit remote access and automation, for example if administering many servers or accessing version control software over SSH. Below, I’ll show how to enable a ssh-agent to allow for passphrase-free logins.
Client: the system one types directly on, such as a laptop or desktop system. Usually this is maching which are using
Server: anything connected to from the client. This includes other servers accessed through the first server connected to. Usually this is maching is is in remote.
1. Generate RSA key pair in client.
$ mkdir ~/.ssh $ ssh-keygen -q -f ~/.ssh/id_rsa -t rsa
It will ask you passphrase If you are using public login for auto-login system e.g. crontab task, don’t use any passphrase.
(Execute line if if not ~/.ssh directory exists. )
2) Fix the permission (optional)
$ chmod go-w ~/ $ chmod 700 ~/.ssh $ chmod go-rwx ~/.ssh/*
3) Key distribution (upload public key to server)
a. Move id_rsa.pub to server (user’s home directory)
$ scp .ssh/id_rsa.pub user@yourserver.com:~/
b. Check, if ~/.ssh exists, if not create it ($mkdir ~/.ssh && chmod 700 ~/.ssh)
c. Copy key into authorized_keys
$ cat id_rsa.pub >> .ssh/authorized_keys
(Note: you can avoide 3a-3c by one command
$ ssh-copy-id -i ~/.ssh/id_rsa.pub username@mystery)
Check if server support public login system.
ssh -o PreferredAuthentications=publickey user@yourserver.com
Hurry!
Application:
- Auto login within trusted network (not having to type user name and password each time)
- Useful while taking automated backup server to server.
- Copying large number of files from one computer to anuther using SCP.
More readings:
- https://help.ubuntu.com/community/SSH/OpenSSH/Keys
- https://help.ubuntu.com/8.04/serverguide/C/openssh-server.html
