Ssh public key authentication

How to set up public key authentication on Linux distributions that use OpenSSH, such as Fedora, Red Hat or Debian.

In this howto, you are on your own computer (whose name is local) as user erkki. You have
access to an ssh server (on a computer called Your username on server
is tero and your password is 2secret. Thus, you can login to the server with ‘ssh‘ and “2secret” as password.
The goal is to automate login so
that you don’t have to type your password when you log in to server from local.
You should test that you can connect to server normally before trying to automate this: ssh, and answer “yes” if you are asked if you want to continue connecting.

(c) Tero Karvinen

Marathi translation (pdf)
contributed by Dhanashree Nagre. Marathi is
a language spoken in Maharashtra, India. That’s where Mumbai is located.

Create key pair

Run ssh-keygen on your own computer. Below, “local$” means your prompt and you don’t have to type it.

local$ ssh-keygen -t dsa

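Press Enter at each question. The key pair is stored in the default location, $HOME/.ssh/, and because the passphrase is left empty you can use your keys without typing a password. An empty passphrase also means the private key file is stored unencrypted, so anyone who can read that file can use the key.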

Generating public/private dsa key pair.
Enter file in which to save the key (/home/erkki/.ssh/id_dsa):
Created directory '/home/erkki/.ssh'.
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /home/erkki/.ssh/id_dsa.
Your public key has been saved in /home/erkki/.ssh/
The key fingerprint is:

Upload your public key to server

Upload your key to server using sftp. The put command assumes the files you put are
in the directory where you were when you started sftp. That’s why we go to
/home/erkki/.ssh before we start sftp. Before you start sftp, you can use ls to see that really is in the directory where you are.

Sftp is started from the local computer. The password is not echoed (printed) on the screen when you type it.

local$ cd $HOME/.ssh/
local$ sftp

Connecting to's password: 2secret
sftp> put                                    100%  616    47.3KB/s   00:00
sftp> exit

Now you have a key pair. The secret key is on the local computer, in the user’s home directory (/home/erkki/.ssh/id_dsa). The public key has been copied to the remote server,
and is now stored in the home directory of the user on the remote computer (/home/tero/ on

Put your public key to authorized_keys

Connect to remote server:

local$ ssh's password: 2secret

Now we are connected to, and using it remotely as
user tero. Note that the prompt usually changes to indicate this. Here, I have used “local$” for the local computer’s prompt and “server$” for server.example.com’s prompt. Optionally, you can check with ls that really is in user tero’s home directory on

Next, we put contents of (our public key) to the end of
the list of authorized public keys, stored in a file called authorized_keys.
Both and authorized_keys are normal text files.

If .ssh does not exist yet, mkdir -p creates it. The public key is printed (to standard output) with cat, and this is redirected to the end of authorized_keys.

server$ mkdir -p .ssh
server$ cat >>.ssh/authorized_keys

Set very restrictive permissions on these authorization files, just to make sure.

server$ chmod og-rxw $HOME/.ssh $HOME/.ssh/authorized_keys
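
A check for the state these steps leave on the server, as an added example that is not part of the original howto: it confirms that the chmod above removed all group and other access, that authorized_keys ends with a newline (so a later "cat >>" append cannot be glued onto the previous key), and it flags ssh-dss entries, which OpenSSH has disabled by default since release 7.0. The function names audit_ssh_dir and make_sample and the sample key line are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original howto). audit_ssh_dir DIR prints one
# finding per line; it returns 0 when DIR is clean and 1 otherwise.
audit_ssh_dir() {
    dir=$1
    keys=$dir/authorized_keys
    rc=0
    for path in "$dir" "$keys"; do
        if [ ! -e "$path" ]; then
            echo "MISSING $path"; rc=1; continue
        fi
        # Characters 5-10 of the ls mode string are the group and other bits;
        # after "chmod og-rxw" all six must be "-".
        bits=$(ls -ld "$path" | cut -c5-10)
        if [ "$bits" != "------" ]; then
            echo "LOOSE_PERMS $path ($bits)"; rc=1
        fi
    done
    [ -f "$keys" ] || return "$rc"
    # $(...) strips a final newline, so non-empty output means the last line is
    # unterminated and the next "cat >>" append would be glued onto it.
    if [ -n "$(tail -c 1 "$keys")" ]; then
        echo "NO_TRAILING_NEWLINE $keys"; rc=1
    fi
    # Every non-comment line must carry a known key type; ssh-dss is flagged.
    awk '
        NF == 0 || $1 ~ /^#/ { next }
        {
            n = 0; dsa = 0
            for (i = 1; i <= NF; i++) {
                if ($i ~ /^(ssh-rsa|ssh-dss|ssh-ed25519|ecdsa-sha2-nistp[0-9]+|sk-[a-z0-9-]+@openssh\.com)$/) n++
                if ($i == "ssh-dss") dsa = 1
            }
            if (n == 0) { print "NO_KEY_TYPE line " NR; bad = 1 }
            if (dsa)    { print "DSA_KEY line " NR; bad = 1 }
        }
        END { exit bad + 0 }
    ' "$keys" || rc=1
    return "$rc"
}

# Constructed sample: a temporary .ssh directory with the permissions the
# howto sets and one placeholder DSA line (not a real key). Prints its path.
make_sample() {
    d=$(mktemp -d) && mkdir -p "$d/.ssh" &&
    printf 'ssh-dss AAAAB3NzaC1kc3MAAA-constructed erkki@local\n' >"$d/.ssh/authorized_keys" &&
    chmod og-rxw "$d/.ssh" "$d/.ssh/authorized_keys" && echo "$d/.ssh"
}
```

On the server, run it as audit_ssh_dir "$HOME/.ssh"; no output and exit status 0 mean none of the checks fired.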


Let’s try connecting to server from local computer. Now that we have public key authentication working, it should no longer ask for a password. If you are still using remotely, exit.

server$ exit
local$ ssh


It did not ask for a password, so you have successfully installed public
key authentication for ssh.

Copyright 2004 Tero Karvinen
GNU Free Documentation License
