How to Put an SSH Key Into a Linux Box to Log On
SSH is the Secure SHell, a secure replacement for the remote shell (rsh) previously used to log in to remote Unix systems. It offers secure, encrypted access to a remote machine for executing commands. One method of authentication for SSH is public key authentication. This works by having a public/private key pair. The private key is used to create a signature for a message, and the public key is used to verify that signature, which shows the message came from the holder of the private key and was not tampered with in transit. Only the private key can sign messages; the public key can only verify signatures. Thus the public key can be safely distributed, while the private key should be accessible only by authorized users. Using public keys allows secure access to a remote computer without the use of a password.
Instructions
1. Create the public/private key pair using "ssh-keygen". Open a command prompt on the client computer and run "ssh-keygen". This will generate by default a 2048-bit RSA key pair. It will prompt you for a location to save the key; note this location as you will need it later. Press enter twice to skip creating a passphrase. Using a passphrase makes the key more secure, but requires entering the passphrase to use it.
2. Copy the public key to the server. DO NOT copy the private key. Find the file noted previously (e.g. /home/user/.ssh/id_rsa); this is your private key. There should also be a file with the same name and a ".pub" extension (e.g. /home/user/.ssh/id_rsa.pub); this is your public key. Copy the public key to the server (e.g. "scp /home/user/.ssh/id_rsa.pub server.example.com:/home/user/.ssh/client.pub").
3. Add the client's public key to the server's authorized keys file. On the server, there should be a file called /home/user/.ssh/authorized_keys2. This file will probably not exist if this is the first time you have set up a public key. The following command, run from the ~/.ssh directory where client.pub was copied, will create the file (or append to it if it already exists) and add the contents of the client's public key to it: "cat client.pub >> authorized_keys2". If you prefer, you can use a text editor to create the file and paste the contents of the client's public key file in as a new line.
4. Set permissions on the authorized keys file to be readable only by the owner. Open a command prompt on the server and type "cd ~/.ssh". Then type "chmod 600 authorized_keys2". This will set the permissions correctly so SSH will allow this file to be used.
5. Test the configuration. On the client, attempt to connect to the remote server using the "ssh" client command (e.g. "ssh server.example.com"). You should be able to log in without being prompted for a password. If you are prompted, verify that everything is configured properly and try again.
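The server-side part of the procedure (steps 3 and 4) together with the permission check that the tips describe, as an added shell example that is not part of the original article. The function names, the temporary paths and the key line are constructed for illustration; the login test in step 5 needs a real server and is not included.

```shell
#!/bin/sh
# install_pubkey PUBKEY_FILE SSH_DIR [AUTHFILE_NAME]
# Appends each key line from PUBKEY_FILE to SSH_DIR/AUTHFILE_NAME (default
# authorized_keys2, as in the article), creating the directory (700) and the
# file (600) if needed and skipping key lines that are already present.
install_pubkey() {
    pubkey=$1; sshdir=$2; authfile=$sshdir/${3:-authorized_keys2}
    [ -f "$pubkey" ] || { echo "no such file: $pubkey" >&2; return 1; }
    # Guard against the mistake step 2 warns about: never install a private key.
    if grep -q 'PRIVATE KEY' "$pubkey"; then
        echo "refusing: $pubkey looks like a private key" >&2; return 1
    fi
    mkdir -p "$sshdir" && chmod 700 "$sshdir" || return 1
    touch "$authfile" && chmod 600 "$authfile" || return 1
    while IFS= read -r line || [ -n "$line" ]; do
        case $line in ''|'#'*) continue ;; esac          # skip blanks/comments
        grep -qxF -- "$line" "$authfile" || printf '%s\n' "$line" >> "$authfile"
    done < "$pubkey"
}

# check_perms SSH_DIR [AUTHFILE_NAME]
# sshd (with StrictModes on, the default) ignores the key file and falls back
# to password login when the directory or the file is group- or world-writable.
# Returns 0 when both are safe, 1 otherwise, naming the offending path.
check_perms() {
    sshdir=$1; authfile=$sshdir/${2:-authorized_keys2}
    [ -d "$sshdir" ] && [ -f "$authfile" ] || { echo "missing $authfile" >&2; return 1; }
    bad=$(find "$sshdir" "$authfile" -prune \( -perm -020 -o -perm -002 \) -print)
    [ -z "$bad" ] || { echo "writable by group/others, sshd will ignore: $bad" >&2; return 1; }
}

# Demonstration on constructed paths and a constructed (not real) key line.
demo() {
    tmp=$(mktemp -d)
    printf '%s\n' 'ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCconstructed== user@client' > "$tmp/client.pub"
    install_pubkey "$tmp/client.pub" "$tmp/.ssh"      # step 3 + step 4
    install_pubkey "$tmp/client.pub" "$tmp/.ssh"      # second run adds nothing
    check_perms "$tmp/.ssh" && echo "permissions ok"
    chmod 664 "$tmp/.ssh/authorized_keys2"            # the tips' failure mode
    check_perms "$tmp/.ssh" || echo "would fall back to password"
    rm -rf "$tmp"
}
```

Run `demo` to see both outcomes; on a real server call install_pubkey with "$HOME/.ssh" and the copied client.pub instead of the temporary paths.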
Tips & Warnings
Private keys and the "authorized_keys2" file should be readable only by the owner. If the file permissions are not set correctly, SSH will silently fall back to password login. These instructions assume that the usernames are the same on both client and server.
Using a private key with no passphrase allows anyone with access to the key to log in to the remote system. A compromised private key can allow unauthorized access to the remote system; be sure to restrict its access. Never set up key-based access for root, since this is a security vulnerability.