SSH authentication with your public key

I can see that you are lazy, and I know how hard it is to type a user name and password each time you want to log in via SSH on a server.

Today, we are going to learn how to configure your computer and a server to allow automatic SSH authentications using your public RSA key. Less work = More fun!

Configuration on your computer:

As your normal user, open a terminal and type ssh-keygen

It will ask you some questions; you can simply press Enter to accept the default choices. You don’t need to enter a passphrase here if you don’t want to be asked for it at each login on the server; it’s not a security flaw. The output should look something like this:

[Steven@HP6710 ~]$ ssh-keygen
Generating public/private rsa key pair.
Enter file in which to save the key (/home/Steven/.ssh/id_rsa):
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /home/Steven/.ssh/id_rsa.
Your public key has been saved in /home/Steven/.ssh/id_rsa.pub.

The important thing is that you now have 2 new files in your user’s .ssh directory (here /home/Steven/.ssh).

  • id_rsa is your private key; you should NEVER give it away.
  • id_rsa.pub, on the other hand, is your public key, the one that you can give away.

Configuration on the server:

As the user you wish to log in as (let’s say root), also run the ssh-keygen command to create the /root/.ssh directory. Now go to your /root/.ssh directory and create a text file named authorized_keys2. Copy the content of your computer’s public key file (id_rsa.pub on HP6710) into this file and save it.

Job done, now you can run ssh root@server from your computer and it will log you in automagically :)
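
The server-side step above, as an added shell example that is not part of the original post: it refuses anything that is not a one-line public key (so the private id_rsa cannot be installed by mistake), then creates the directory and key file with owner-only permissions. The function name install_pubkey and its arguments are assumptions; the file name defaults to the authorized_keys2 used in the post.

```shell
#!/bin/sh
# Added example (not from the original post): server-side key install.
# Usage: install_pubkey PUBKEY_FILE SSH_DIR [FILE_NAME]
# install_pubkey and its arguments are hypothetical names for this sketch.
install_pubkey() (
    pub=$1 dir=$2 name=${3:-authorized_keys2}   # default: the file name the post uses
    [ -r "$pub" ] || { echo "cannot read $pub" >&2; exit 1; }

    # A public key file is a single line: "<type> <base64> [comment]".
    # A private key (id_rsa) is a multi-line block, so it fails this check
    # and never ends up on the server by mistake.
    [ "$(grep -c '' "$pub")" -eq 1 ] || { echo "$pub: not a one-line public key" >&2; exit 2; }
    read -r type blob rest < "$pub" || true
    case $type in
        # Common key types only; extend the list if you use others.
        ssh-rsa|ssh-ed25519|ecdsa-sha2-nistp256|ecdsa-sha2-nistp384|ecdsa-sha2-nistp521) ;;
        *) echo "$pub: unexpected key type '$type'" >&2; exit 2 ;;
    esac
    case $blob in
        ''|*[!A-Za-z0-9+/=]*) echo "$pub: key data is not base64" >&2; exit 2 ;;
    esac

    # sshd's StrictModes (on by default) rejects key files that sit in
    # group- or world-writable locations, so keep everything owner-only.
    umask 077
    mkdir -p "$dir" && chmod 700 "$dir" || exit 3
    auth=$dir/$name
    touch "$auth" && chmod 600 "$auth" || exit 3

    # Idempotent: do nothing if this key is already authorized.
    if grep -qF -- "$blob" "$auth"; then exit 0; fi

    # Make sure the existing file ends with a newline before appending.
    if [ -s "$auth" ] && [ -n "$(tail -c 1 "$auth")" ]; then echo >> "$auth"; fi
    printf '%s\n' "$(cat "$pub")" >> "$auth"
)
```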


5 Responses to SSH authentication with your public key

  1. Scott Dodson says:

    ssh-copy-id -i ~/.ssh/id_rsa.pub user@somehost

    will attempt to copy the key for you.

  2. Steven says:

    Thanks for the tip :)

  3. Chris Tyler says:

    Not putting a passphrase on your key does have a security implication: if your account on the client (your computer) is compromised, your account on the server is also compromised. Using a passphrase provides a middle ground: you’ll be prompted only once per client-side login session instead of every time you connect to the server, and you will have some protection against a cascading account compromise.

  4. Steven says:

    True, but keeping your private key safe is another story :p

  5. Chris says:

    Logging in to ssh as root is bad practice. Better to advise people to use a shared public key on their standard user account, disallow root login through ssh, and then use su to become root once logged in as the standard user.
