SSH public key authentication allows ssh login without password. Because public key is, well, public, the same key can be used in many servers without risk.

If you want it to Just Work™, use ssh-uploadkeys.

© 2005 Tero Karvinen

Below, I have used “local$” prompt for local computer. You sit in front of your local computer and type commands with its keyboard. Commands that are given on a remote computer are marked with a “remote$” prompt. Remote computer is the one that you connect with ssh. Not suprisingly at all, it makes a big difference whether you give commands to local or remote computer.

local$ cd $HOME/.ssh/
local$ sftp tero@server.example.com

Connecting to server.example.com… tero@server.example.com’s password: 2secret sftp> put id_dsa.pub id_dsa.pub 100% 616 47.3KB/s 00:00 sftp> exit

Now you have a key pair. The secret key is in local computer, on users home directory (/home/erkki/.ssh/id_dsa). Public key has been copied to remote server, and is now stored in the home directory of the user of remote computer (/home/tero/id_dsa.pub on server.example.com).

Connect to remote server:

local$ ssh tero@server.example.com
tero@server.example.com's password: 2secret
server$

Now we are connected to server.example.com, and using it remotely as user tero. Note that the prompt usually changes to indicate this. Here, I have used “local$” for local computers prompt and “server$” for server.example.coms prompt. Optionally, you can check with

ls

that

id_dsa.pub

really is in user teros home directory on server.example.com.

Next, we put contents of id_dsa.pub (our public key) to the end of the list of authorized public keys, stored in a file called authorized_keys. Both id_dsa.pub and authorized_keys are normal text files.

If .ssh does not exist yet, it is created. Public key is printed (to standard out) with

cat

, and this is redirected to end of authorized_keys.

server$ mkdir -p .ssh
server$ cat id_dsa.pub >>.ssh/authorized_keys

Put very restrictive permissions to these authorization files, just to make sure.

server$ chmod og-rxw $HOME/.ssh $HOME/.ssh/authorized_keys

Let’s try connecting to server from local computer. Now that we have public key authentication working, it should no longer ask for a password. If you are still using server.example.com remotely, exit.

server$ exit
local$ ssh tero@server.example.com

server$

It did not ask for a password, so you have successfully installed public key authentication for ssh.

Copyright 2004 Tero Karvinen www.iki.fi/karvinen. GNU Free Documentation License