{"id":3927,"date":"2023-09-21T20:25:22","date_gmt":"2023-09-21T20:25:22","guid":{"rendered":"https:\/\/geekmungus.co.uk\/?p=3927"},"modified":"2024-01-14T16:55:22","modified_gmt":"2024-01-14T16:55:22","slug":"quick-guide-ssh-public-key-authentication-ubuntu-linux","status":"publish","type":"post","link":"https:\/\/geekmungus.co.uk\/?p=3927","title":{"rendered":"Quick Guide – SSH Public Key Authentication (Ubuntu Linux)"},"content":{"rendered":"\n

A quick guide to setting up SSH Public Key Authentication. SSH Public Key Authentication means you can authenticate to a remove server via SSH without needing to enter your username and password. Instead you create a public-private key pair, then place the public key on the target server. Then when you SSH to the server you the challenge requires something that could have only been generated by your private key and therefore de-encrypted with your public key so as to verify you are authentic.<\/p>\n\n\n\n

These instructions are quick, basic and provide the bear minimum, there’s lots of other things you can do but this article just intends to give you the basics to get you started.<\/p>\n\n\n\n

Create SSH Key Pair<\/h2>\n\n\n\n
ssh-keygen -t rsa<\/code><\/pre>\n\n\n\n
You’ll be prompted for a filename, if you just accept the default for now: ~\/.ssh\/id_rsa<\/strong> and ~\/.ssh\/id_rsa.pub<\/strong>.<\/p>\n\n\n\n
You may also generate a passphrase for your keypair, however you may also choose not to, this might be desirable if you are using the keys in an automatic process where there is nobody to type in the passphrase each time.<\/p>\n\n\n\n
Copy the Public Key<\/h2>\n\n\n\n
We’ll assume you already have an account on the target server, so you’ll need to copy that key to the remote server.<\/p>\n\n\n\n
scp ~\/.ssh\/id_rsa.pub myuser@server.domain.com:<\/code><\/pre>\n\n\n\n
Or, you can also copy with the ssh-copy-id command as follows:<\/p>\n\n\n\n
ssh-copy-id -i ~\/.ssh\/id_rsa.pub user@host<\/code><\/pre>\n\n\n\n
Configure SSH Public Key Authentication<\/h2>\n\n\n\n
Now for the final steps, if your target server does not already contain a ~\/.ssh\/authorized_keys file, create one as follows:<\/p>\n\n\n\n
mkdir -p ~\/.ssh\ntouch ~\/.ssh\/authorized_keys<\/code><\/pre>\n\n\n\n
Now add your Public Key to the authorized_keys file thusly:<\/p>\n\n\n\n
cat ~\/id_rsa.pub >> ~\/.ssh\/authorized_keys<\/code><\/pre>\n\n\n\n
You can now delete the id_rsa.pub file if you so wish, the key has now been added to the authorized_keys file, so the public key file isn’t needed anymore.<\/p>\n\n\n\n
Give it a Test!<\/h2>\n\n\n\n
From your client machine you can now run:<\/p>\n\n\n\n
ssh myuser@servername.domain.com<\/code><\/pre>\n\n\n\n
If you specified a passphrase you’ll now be prompted, otherwise you should fine you’re logged in as the correct user and at the BASH prompt, all without entering your username and password.<\/p>\n\n\n\n
If you need to specify the key file you can also use:<\/p>\n\n\n\n
ssh -i ~\/.ssh\/id_rsa myuser@servername.domain.com<\/code><\/pre>\n\n\n\n
As mentioned earlier, there’s plenty more to do with this, you can find out more:<\/p>\n\n\n\n
https:\/\/kb.iu.edu\/d\/aews<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"
A quick guide to setting up SSH Public Key Authentication. SSH Public Key Authentication means you can authenticate to a remove server via SSH without needing to enter your username and password. Instead you create a public-private key pair, then place the public key on the target server. Then when you SSH to the server … Read more<\/a><\/p>\n","protected":false},"author":4,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[11,22],"tags":[],"class_list":["post-3927","post","type-post","status-publish","format-standard","hentry","category-linux","category-security"],"_links":{"self":[{"href":"https:\/\/geekmungus.co.uk\/index.php?rest_route=\/wp\/v2\/posts\/3927","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/geekmungus.co.uk\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/geekmungus.co.uk\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/geekmungus.co.uk\/index.php?rest_route=\/wp\/v2\/users\/4"}],"replies":[{"embeddable":true,"href":"https:\/\/geekmungus.co.uk\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=3927"}],"version-history":[{"count":5,"href":"https:\/\/geekmungus.co.uk\/index.php?rest_route=\/wp\/v2\/posts\/3927\/revisions"}],"predecessor-version":[{"id":4038,"href":"https:\/\/geekmungus.co.uk\/index.php?rest_route=\/wp\/v2\/posts\/3927\/revisions\/4038"}],"wp:attachment":[{"href":"https:\/\/geekmungus.co.uk\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=3927"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/geekmungus.co.uk\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=3927"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/geekmungus.co.uk\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=3927"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}