This article presents a secure method for logging into remote servers using private/public key-based SSH connections. The public key serves as the keyhole on the remote server, while the private key acts as the key that securely unlocks it, allowing access to the remote server.
Generating SSH Private and Public Keys on Local Machine
- We first need to generate private and public keys. We use the following command in the terminal:
  $ ssh-keygen -t RSA
  Info. -t indicates the type of key we want to generate; here we use the RSA public-key cryptosystem.
- Press Enter to generate keys under /home/[username]/.ssh (macOS and Ubuntu) or C:\Users\[username]\.ssh (Windows), and type the passphrase needed to protect the private key.
- Then, use the ls .ssh command to make sure the id_rsa (private) and id_rsa.pub (public) key files are stored under the .ssh folder.
- (macOS and Ubuntu) Make sure permissions are right with the following commands:
  $ sudo chmod 700 ~/.ssh
  $ sudo chmod 600 ~/.ssh/id_rsa
  $ sudo chmod 644 ~/.ssh/id_rsa.pub
Copying Public Key to Remote Servers
In this step, we copy the generated public key to the remote servers that we want to connect to via SSH without a password.
- On the local machine, use the following command to append the generated public key to ~/.ssh/authorized_keys on the remote server.
  $ ssh-copy-id -p <port_number> <username>@<remote domain or IP>
- On the remote server, make sure ~/.ssh/authorized_keys has permission 644.
  $ sudo chmod 644 ~/.ssh/authorized_keys
Adding Private Key to SSH Authentication Agent on Local Machine
Now, on the local machine, we need to add the private key to the SSH authentication agent, allowing us to log into remote servers without a password.
- Type the following command to add the key to the ssh-agent.
  $ ssh-add
- Info. Useful ssh-agent commands
  - eval `ssh-agent -s` starts the ssh-agent in the background.
  - ssh-add -L lists any keys that are held by the ssh-agent.
⚠️ SSH Still Asking for Password?
If ssh still requires a password, it is mainly related to the permissions of the .ssh folder and the files inside it.
The following solved the issue for me.
Permission
- local machine (macOS and Ubuntu)
  - ~/.ssh: 700
  - ~/.ssh/id_rsa: 600
  - ~/.ssh/id_rsa.pub: 644
  - ~/.ssh/config: 644
- remote server
  - ~/.ssh/authorized_keys: 644
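An added example, not from the original article: a POSIX shell audit that compares each path against the modes in the list above and prints the chmod for every mismatch. It also notes group- or world-writable bits, the condition that sshd's StrictModes check (on by default) rejects. The function names are this example's own.

```shell
#!/bin/sh
# Added example: audit SSH file modes against the list above.
# Function names are this example's own, not part of OpenSSH.

# Print a path's permission bits in octal (GNU stat, then BSD/macOS stat).
mode_of() {
    stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1"
}

# check_mode PATH EXPECTED
# Returns 0 when PATH is absent or has mode EXPECTED, 1 otherwise.
check_mode() {
    [ -e "$1" ] || { echo "skip  $1 (not present)"; return 0; }
    actual=$(mode_of "$1")
    if [ "$actual" = "$2" ]; then
        echo "ok    $1 ($actual)"
        return 0
    fi
    echo "FIX   $1 is $actual, expected $2 -> chmod $2 $1"
    # Group- or world-writable bits (mask 022) are what sshd's StrictModes
    # check rejects on ~/.ssh and authorized_keys.
    if [ $((0$actual & 022)) -ne 0 ]; then
        echo "      $1 is writable by group or others"
    fi
    return 1
}

# audit_ssh_dir DIR
# Checks every path from the list; exit status is the number of mismatches.
audit_ssh_dir() {
    bad=0
    check_mode "$1" 700                 || bad=$((bad + 1))
    check_mode "$1/id_rsa" 600          || bad=$((bad + 1))
    check_mode "$1/id_rsa.pub" 644      || bad=$((bad + 1))
    check_mode "$1/config" 644          || bad=$((bad + 1))
    check_mode "$1/authorized_keys" 644 || bad=$((bad + 1))
    return "$bad"
}

# Stand-alone use: sh audit_ssh.sh ~/.ssh
if [ "$#" -gt 0 ]; then
    audit_ssh_dir "$1"
fi
```

Run it against ~/.ssh on the local machine and again on the remote server; paths that do not exist on a given side are skipped.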
SSH configuration on remote server
- Open /etc/ssh/sshd_config and make sure the following properties are set.
  StrictModes no
  PubkeyAuthentication yes
  PasswordAuthentication yes