Quick Guide – SSH Public Key Authentication (Ubuntu Linux)


A quick guide to setting up SSH Public Key Authentication. SSH Public Key Authentication means you can authenticate to a remote server via SSH without needing to enter your username and password. Instead, you create a public-private key pair and place the public key on the target server. Then, when you SSH to the server, the challenge requires a response that could only have been generated with your private key, which the server checks using your public key to verify that you are authentic.

These instructions are quick and basic and provide the bare minimum. There are lots of other things you can do, but this article just intends to give you the basics to get you started.

Create SSH Key Pair

ssh-keygen -t rsa

You’ll be prompted for a filename; just accept the default for now, which creates ~/.ssh/id_rsa (the private key) and ~/.ssh/id_rsa.pub (the public key).

You may also set a passphrase for your key pair. You may choose not to, which might be desirable if you are using the keys in an automated process where there is nobody to type in the passphrase each time, but a key without a passphrase can be used by anyone who obtains the private key file.

Copy the Public Key

We’ll assume you already have an account on the target server, so you’ll need to copy the public key to that remote server.

scp ~/.ssh/id_rsa.pub myuser@server.domain.com:

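Or, you can copy it with the ssh-copy-id command, which also appends the key to ~/.ssh/authorized_keys on the server for you, so the manual steps in the next section are not needed: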

ssh-copy-id -i ~/.ssh/id_rsa.pub user@host

Configure SSH Public Key Authentication

Now for the final steps, which are run on the target server. If it does not already contain a ~/.ssh/authorized_keys file, create one as follows:

mkdir -p ~/.ssh
touch ~/.ssh/authorized_keys

Now add your public key to the authorized_keys file:

cat ~/id_rsa.pub >> ~/.ssh/authorized_keys

You can now delete the copy of id_rsa.pub on the server if you wish. The key has been added to the authorized_keys file, so that copy of the public key file isn’t needed anymore.
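
As an added example (not part of the original guide), the manual server-side steps above can be wrapped in a shell function that sets owner-only permissions on ~/.ssh and authorized_keys, refuses a file that looks like a private key, and does not add the same key twice. The function name install_pubkey and its arguments are hypothetical.

```sh
# Added example: a safer, repeatable version of the mkdir/touch/cat steps.
# Usage on the server: install_pubkey ~/id_rsa.pub
# install_pubkey and its arguments are hypothetical names for this sketch.
install_pubkey() {
    pubkey_file=$1
    home_dir=${2:-$HOME}          # optional second argument, defaults to $HOME
    ssh_dir=$home_dir/.ssh
    auth_file=$ssh_dir/authorized_keys

    [ -r "$pubkey_file" ] || { echo "cannot read $pubkey_file" >&2; return 2; }

    # Only the .pub half belongs on the server; refuse anything that
    # carries a private key header (e.g. id_rsa copied by mistake).
    if grep -q 'PRIVATE KEY' "$pubkey_file"; then
        echo "$pubkey_file looks like a private key; refusing" >&2
        return 3
    fi

    # Create the directory and file owner-only, whatever the current umask is,
    # then tighten permissions on anything that already existed.
    (umask 077 && mkdir -p "$ssh_dir" && touch "$auth_file") || return 1
    chmod 700 "$ssh_dir"
    chmod 600 "$auth_file"

    # If the existing file lacks a trailing newline, add one so the new key
    # is not glued onto the end of the previous entry.
    if [ -s "$auth_file" ] && [ -n "$(tail -c 1 "$auth_file")" ]; then
        printf '\n' >> "$auth_file"
    fi

    # Append each key line only when that exact line is not already present.
    while IFS= read -r line || [ -n "$line" ]; do
        case $line in ''|'#'*) continue ;; esac
        grep -qxF -e "$line" "$auth_file" || printf '%s\n' "$line" >> "$auth_file"
    done < "$pubkey_file"
    return 0
}
```
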

Give it a Test!

From your client machine you can now run:

ssh myuser@servername.domain.com

If you specified a passphrase you’ll now be prompted for it; otherwise you should find you’re logged in as the correct user and at the Bash prompt, all without entering your username and password.

If you need to specify the key file you can also use:

ssh -i ~/.ssh/id_rsa myuser@servername.domain.com

As mentioned earlier, there’s plenty more you can do with this. You can find out more here:

https://kb.iu.edu/d/aews
