This article presents a secure method for logging into remote servers using private/public key-based SSH connections. The public key serves as the keyhole on the remote server, while the private key acts as the key that securely unlocks it, allowing access to the remote server.

Generating SSH Private and Public Keys on Local Machine

  • We first need to generate private and public keys. We use the following commands in the terminal:
     $ ssh-keygen -t RSA
    

    Info. -t indicates the type of the key we want to generate, where we use RSA public-key cryptosystem.

  • Press Enter to generate keys under /home/[username]/.ssh (macOS and Ubuntu) or C:\Users\[username]\.ssh (Windows), and type the passphrase needed for protect the private key.
  • Then, use ls .ssh command to make sure id_rsa (private) and id_rsa.pub (public) key files are stored under the .ssh folder.
  • (macOS and Ubuntu) Make sure permissions are right with the following commands:
     $ sudo chmod 700 ~/.ssh
     $ sudo chmod 600 ~/.ssh/id_rsa
     $ sudo chmod 644 ~/.ssh/id_rsa.pub
    

Copying Public Key to Remote Servers

In this step, we copy the generated public key to remote servers that we want to connect via SSH without a password.

  • In the local machine, use the following command to append the generated public key to ~/.ssh/authorized_keys of the remote server.
    $ ssh-copy-id <username>@<remote domain or IP> -p <port_number>
    
  • In the remote server, be sure ~/.ssh/authorized_keys have permission 644.
    $ sudo chmod 644 ~/.ssh/authorized_keys
    

Adding Private key to SSH Authentication Agent on Local Machine

Now, in the local machine, we need to add the private key to the SSH authentication agent, allowing us to log into remote servers without a password.

  • Type the following command to add the key to the ssh-agent.
    $ ssh-add
    
    • Info. Useful ssh-agent commands
      • eval `ssh-agent -s` starts the ssh-agent in the background.
      • ssh-add -L` to list any keys that are held by the ssh agent.

⚠️ SSH Still Asking for Password?

If ssh still requires a password, it is mainly related to permission of the .ssh folder and files inside it. The followings solved the issue for me.

Permission

  • local machine (macOS and Ubuntu)
    • ~/.ssh: 700
    • ~/.ssh/id_rsa: 600
    • ~/.ssh/id_rsa.pub: 644
    • ~/.ssh/config: 644
  • remote server
    • ~/.ssh/authorized_keys: 644

SSH configuration on remote server

  • open up /etc/ssh/sshd_confg and make sure following properties are set.
    • StricModes no
    • PubkeyAuthentication yes
    • PasswordAuthentication yes

References

  1. Generating a new SSH key and adding it to the ssh-agent
  2. How to Setup SSH without Passwords

Leave a comment