A quick guide to setting up SSH Public Key Authentication. SSH Public Key Authentication means you can authenticate to a remote server via SSH without needing to enter your username and password. Instead you create a public-private key pair, then place the public key on the target server. Then, when you SSH to the server, the challenge requires a response that could only have been generated with your private key, and the server checks that response against your public key to verify that you are authentic.
These instructions are quick and basic and provide the bare minimum. There are lots of other things you can do, but this article just intends to give you the basics to get you started.
Create SSH Key Pair
ssh-keygen -t rsa
You’ll be prompted for a filename; just accept the default for now, which gives you ~/.ssh/id_rsa and ~/.ssh/id_rsa.pub.
You may also set a passphrase for your key pair. You may choose not to, which might be desirable if you are using the keys in an automated process where there is nobody to type in the passphrase each time. Bear in mind that a private key without a passphrase can be used by anyone who can read the file.
Copy the Public Key
We’ll assume you already have an account on the target server, so you’ll need to copy the public key to the remote server.
scp ~/.ssh/id_rsa.pub myuser@server.domain.com:
Or, you can also copy with the ssh-copy-id command as follows:
ssh-copy-id -i ~/.ssh/id_rsa.pub user@host
Configure SSH Public Key Authentication
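Now for the final steps, which are run on the target server. (If you used ssh-copy-id, it has already added the key to ~/.ssh/authorized_keys for you.) If your target server does not already contain a ~/.ssh/authorized_keys file, create one as follows: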
mkdir -p ~/.ssh
touch ~/.ssh/authorized_keys
Now add your Public Key to the authorized_keys file thusly:
cat ~/id_rsa.pub >> ~/.ssh/authorized_keys
You can now delete the copied id_rsa.pub file from the server if you so wish; the key has been added to the authorized_keys file, so the public key file isn’t needed there anymore.
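The server-side steps above, written as an added example that is not part of the original article: the function names install_pubkey and perms_ok are hypothetical. It also sets the modes that sshd's StrictModes check (on by default) expects, since sshd ignores an authorized_keys file that is group- or world-writable.

```shell
#!/bin/sh
# Added example, not from the original article. Function names are hypothetical.

# install_pubkey PUBKEY_FILE [HOME_DIR]
# Appends the key in PUBKEY_FILE to HOME_DIR/.ssh/authorized_keys (default $HOME).
install_pubkey() {
    pubkey_file=$1
    home_dir=${2:-$HOME}
    ssh_dir=$home_dir/.ssh
    auth_file=$ssh_dir/authorized_keys

    # Only the .pub half belongs on the server: refuse a private key file.
    if grep -q 'PRIVATE KEY' "$pubkey_file" 2>/dev/null; then
        echo "refusing: $pubkey_file contains a private key" >&2
        return 1
    fi

    # A public key file is one line starting with the key type.
    key=$(head -n 1 "$pubkey_file" 2>/dev/null)
    case $key in
        ssh-rsa\ *|ssh-ed25519\ *|ecdsa-sha2-*\ *) ;;
        *) echo "refusing: $pubkey_file is not a public key line" >&2
           return 1 ;;
    esac

    # Same mkdir/touch as the article, plus owner-only modes.
    mkdir -p "$ssh_dir" && chmod 700 "$ssh_dir" || return 1
    touch "$auth_file" && chmod 600 "$auth_file" || return 1

    # Append only if this exact line is not already present, so re-running
    # the setup does not pile up duplicate entries.
    grep -qxF "$key" "$auth_file" || printf '%s\n' "$key" >> "$auth_file"
}

# perms_ok HOME_DIR
# Succeeds only if .ssh and authorized_keys exist and neither is writable
# by group or others (the condition under which StrictModes rejects the key).
perms_ok() {
    loose=$(find "$1/.ssh" "$1/.ssh/authorized_keys" -prune \
        \( -perm -020 -o -perm -002 \) 2>/dev/null)
    [ -d "$1/.ssh" ] && [ -f "$1/.ssh/authorized_keys" ] && [ -z "$loose" ]
}

# Usage on the target server, after the scp step:
#   install_pubkey ~/id_rsa.pub && perms_ok "$HOME" && rm ~/id_rsa.pub
```

If key login still falls back to a password prompt after this, check that the home directory itself is not group- or world-writable, as StrictModes covers it too.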
Give it a Test!
From your client machine you can now run:
ssh myuser@servername.domain.com
If you specified a passphrase you’ll now be prompted for it; otherwise you should find you’re logged in as the correct user and at the Bash prompt, all without entering your username and password.
If you need to specify the key file you can also use:
ssh -i ~/.ssh/id_rsa myuser@servername.domain.com
As mentioned earlier, there’s plenty more to do with this, you can find out more: