SSH With Keyfiles

If you do a lot of SSHing, it can be annoying to remember all the passwords and to enter them all the time. In that case it can be useful to log in with a keyfile instead of a password. Mind that paths might vary depending on your Linux version! This tutorial has been created/tested using an Ubuntu 12.04 server and a Mac OS 10.8 client.

1. Generate a keypair on your workstation

If you don’t already have a keypair, you can use the “ssh-keygen” tool to create one. Additional parameters are not necessary if you’re fine with the default RSA key size of 2048 bits.

ssh-keygen
AcidX:.ssh acidx$ ssh-keygen
Generating public/private rsa key pair.
Enter file in which to save the key (/Users/acidx/.ssh/id_rsa):
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /Users/acidx/.ssh/id_rsa.
Your public key has been saved in /Users/acidx/.ssh/id_rsa.pub.

The tool should already have set the correct file permissions, but it can’t hurt to quickly verify those. Make sure that your private key stays private and can only be accessed by you (–> chmod 600 id_rsa).

2. Copy your public key to the server(s)

Now you have to copy your public key (–> id_rsa.pub) to every server you want to connect to without a password. There are two ways to do this.

2.1 Automatic

If you have “ssh-copy-id” installed, you can use this to automatically transfer your public key to the server:

ssh-copy-id -i ~/.ssh/id_rsa.pub user@remoteserver.com

2.2 Manual

First, on your workstation, use “scp” to transfer your public key to the server:

scp ~/.ssh/id_rsa.pub user@remoteserver.com:./.ssh/id_rsa.pub

Then, ssh into the server, append your public key to the “authorized_keys” file and delete the uploaded file:

ssh -l user remoteserver.com
cd .ssh
cat id_rsa.pub >> authorized_keys
rm id_rsa.pub

Also, you might wanna set the permissions for “authorized_keys” to 600.
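
The server-side half of the manual method, written as one repeatable function. This is an added example, not part of the original tutorial: the helper names install_pubkey and mode_of are hypothetical, and the key line in the demo is constructed. It refuses a private key uploaded by mistake, sets the permissions and does not append the same key twice.

```shell
#!/bin/sh
# install_pubkey PUBKEY_FILE [SSH_DIR]  (hypothetical helper, not from the tutorial)
install_pubkey() {
    pub=$1
    dir=${2:-$HOME/.ssh}
    auth=$dir/authorized_keys

    # Refuse a private key file that was uploaded instead of the .pub file.
    if grep -q 'PRIVATE KEY' "$pub"; then
        echo "refusing: $pub is a private key" >&2
        return 1
    fi
    # Accept one public key line; only a few common key types are recognised here.
    key=$(grep -E '^(ssh-(rsa|ed25519)|ecdsa-sha2-[a-z0-9-]+) [A-Za-z0-9+/=]+( .*)?$' "$pub" | head -n 1) || true
    if [ -z "$key" ]; then
        echo "refusing: no public key line found in $pub" >&2
        return 1
    fi

    # sshd's StrictModes (on by default) rejects key files and directories
    # that are writable by group or others.
    mkdir -p "$dir" && chmod 700 "$dir" || return 1
    touch "$auth" && chmod 600 "$auth" || return 1

    # Append only if this exact line is not already present.
    if ! grep -qxF -- "$key" "$auth"; then
        printf '%s\n' "$key" >> "$auth"
    fi
}

# Print the permission string of a path, e.g. "-rw-------".
mode_of() { ls -ld "$1" | cut -c1-10; }

# Demo in a throwaway directory with a constructed (not real) key line.
demo=$(mktemp -d)
printf '%s\n' 'ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCconstructed acidx@workstation' > "$demo/id_rsa.pub"
install_pubkey "$demo/id_rsa.pub" "$demo/.ssh"
install_pubkey "$demo/id_rsa.pub" "$demo/.ssh"   # second run adds nothing
echo "entries: $(wc -l < "$demo/.ssh/authorized_keys") mode: $(mode_of "$demo/.ssh/authorized_keys")"
rm -rf "$demo"
```

Uploading the key under a name other than id_rsa.pub avoids overwriting a public key the server account may already have in its own .ssh directory.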

3. Login without password

Now you should be able to log into the server without a password. If you entered a passphrase during keypair generation (to protect the private key), you’ll have to enter this one before you can connect. If the default ssh command doesn’t work, you can use the -i parameter to specify your private key file:

ssh -l user remoteserver.com
ssh -l user -i ~/.ssh/id_rsa remoteserver.com
