Keyless ssh / ssh-keygen: setup and gotchas
If you ssh into a server a lot, you'll get tired of typing in your password over and over again pretty quickly. Fortunately, you can generate a set of public and private keys on your local client machine, place the public key on the server, and ssh without having to enter a password. Here's how.
1) Generate your keys
jknight@localmachine:~$ ssh-keygen -t rsa (generate an rsa key)
Generating public/private rsa key pair.
Enter file in which to save the key (/home/jknight/.ssh/id_rsa):
Created directory '/home/jknight/.ssh'.
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /home/jknight/.ssh/id_rsa.
Your public key has been saved in /home/jknight/.ssh/id_rsa.pub.
The key fingerprint is:
1f:bf:a8:1f:bf:a8:1f:bf:a8:1f:bf:a8:1f:bf:a8:1f jknight@localmachine
jknight@localmachine:~$
2) Find the keys you just created in your home .ssh directory
jknight@localmachine:~$ cd .ssh (go into the new .ssh directory you just created)
jknight@localmachine:~/.ssh$ ls (look for your 2 keys: one private and one public)
id_rsa id_rsa.pub
3) Use scp to put your public key on the server
jknight@localmachine:~/.ssh$ scp id_rsa.pub remoteUserName@remoteserver.com:~/
The authenticity of host 'remoteserver.com (192.168.1.3)' can't be established.
RSA key fingerprint is 65:fe:34:65:fe:34:65:fe:34:65:fe:34:65:fe:34:65.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added 'remoteserver.com,192.168.1.3' (RSA) to the list of known hosts.
remoteUserName@remoteserver.com's password:
id_rsa.pub 100%
4) ssh on to the server to put your public key in the right place
jknight@localmachine:~/.ssh$ ssh -l remoteUserName remoteserver.com
remoteUserName@remoteserver.com's password:
Linux remoteserver 2.6.17-11-generic #2 SMP Fri May 18 22:25:27 UTC 2007 x86_64
5) Add your public key to the authorized_keys file on the server in the hidden .ssh directory
remoteUserName@remoteserver:~$ mkdir .ssh (if the .ssh directory doesn't exist, create it)
(now for the important steps: ADD your public key to the authorized_keys file ...)
remoteUserName@remoteserver:~/.ssh$ cat id_rsa.pub >> .ssh/authorized_keys
(finally, the big 'gotcha': make sure permissions are correct on the authorized_keys file)
remoteUserName@remoteserver:~/.ssh$ chmod 600 authorized_keys
6) All set?
Open a shell on your local machine, and you should now be able to ssh without typing in a password
jknight@shadowbox:~/.ssh$ ssh -l remoteUserName remoteserver.com
Linux galadriel 2.6.17-11-generic #2 SMP Fri May 18 22:25:27 UTC 2007 x86_64
success!
Notes
These are all equivalent ways to ssh to a server:
ssh -l remoteUserName remoteserver.com
ssh -lremoteUserName remoteserver.com
ssh remoteUserName@remoteserver.com
scp syntax can take some getting used to. To put a file out to a server use the following. You can specify the target file name, or just the directory:
scp /local/path/file.txt remoteUserName@remoteserver.com:/remote/server/path/
scp /local/path/file.txt remoteUserName@remoteserver.com:/remote/server/path/out.txt
To get a file from a remote server, use:
scp remoteUserName@remoteserver.com:/remote/server/path/file.txt /local/file/path
1) Generate your keys
jknight@localmachine:~$ ssh-keygen -t rsa (generate an rsa key)
Generating public/private rsa key pair.
Enter file in which to save the key (/home/jknight/.ssh/id_rsa):
Created directory '/home/jknight/.ssh'.
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /home/jknight/.ssh/id_rsa.
Your public key has been saved in /home/jknight/.ssh/id_rsa.pub.
The key fingerprint is:
1f:bf:a8:1f:bf:a8:1f:bf:a8:1f:bf:a8:1f:bf:a8:1f jknight@localmachine
jknight@localmachine:~$
2) Find the keys you just created in your home .ssh directory
jknight@localmachine:~$ cd .ssh (go into the new .ssh directory you just created)
jknight@localmachine:~/.ssh$ ls (look for your 2 keys: one private and one public)
id_rsa id_rsa.pub
3) Use scp to put your public key on the server
jknight@localmachine:~/.ssh$ scp id_rsa.pub remoteUserName@remoteserver.com:~/
The authenticity of host 'remoteserver.com (192.168.1.3)' can't be established.
RSA key fingerprint is 65:fe:34:65:fe:34:65:fe:34:65:fe:34:65:fe:34:65.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added 'remoteserver.com,192.168.1.3' (RSA) to the list of known hosts.
remoteUserName@remoteserver.com's password:
id_rsa.pub 100%
4) ssh on to the server to put your public key in the right place
jknight@localmachine:~/.ssh$ ssh -l remoteUserName remoteserver.com
remoteUserName@remoteserver.com's password:
Linux remoteserver 2.6.17-11-generic #2 SMP Fri May 18 22:25:27 UTC 2007 x86_64
5) Add your public key to the authorized_keys file on the server in the hidden .ssh directory
remoteUserName@remoteserver:~$ mkdir .ssh (if the .ssh directory doesn't exist, create it)
(now for the important steps: ADD your public key to the authorized_keys file ...)
remoteUserName@remoteserver:~/.ssh$ cat id_rsa.pub >> .ssh/authorized_keys
(finally, the big 'gotcha': make sure permissions are correct on the authorized_keys file)
remoteUserName@remoteserver:~/.ssh$ chmod 600 authorized_keys
6) All set?
Open a shell on your local machine, and you should now be able to ssh without typing in a password
jknight@shadowbox:~/.ssh$ ssh -l remoteUserName remoteserver.com
Linux galadriel 2.6.17-11-generic #2 SMP Fri May 18 22:25:27 UTC 2007 x86_64
success!
Notes
These are all equivalent ways to ssh to a server:
ssh -l remoteUserName remoteserver.com
ssh -lremoteUserName remoteserver.com
ssh remoteUserName@remoteserver.com
scp syntax can take some getting used to. To put a file out to a server use the following. You can specify the target file name, or just the directory:
scp /local/path/file.txt remoteUserName@remoteserver.com:/remote/server/path/
scp /local/path/file.txt remoteUserName@remoteserver.com:/remote/server/path/out.txt
To get a file from a remote server, use:
scp remoteUserName@remoteserver.com:/remote/server/path/file.txt /local/file/path