How to setup key based SSH authentication?


SSH (the SSH client) is a program for logging into a remote machine and executing commands on it. It is intended to replace rlogin and rsh and to provide secure, encrypted communication between two untrusted hosts over an insecure network. X11 connections and arbitrary TCP ports can also be forwarded over the secure channel. SSH connects to and logs into the specified host name (with an optional user name). The user must prove their identity to the remote machine using one of several methods, depending on the protocol version used. In this guide we will see how to set up a password-less (key-based) method of authenticating to an SSH server.

Case Scenario

For this case, we make the following assumptions:

  1. The originating host, from which we would like to authenticate to an SSH server, is named “bob”.
  2. The SSH server (the remote host) is named “monica”.
  3. Both machines have the SSH package installed: bob has an SSH client and monica runs the OpenSSH server, with the server daemon listening on the default port (22).
  4. The user account on monica to which we want to authenticate is “foo”, and the user currently logged in on bob is “bar”. In a real-world setup, replace “foo” and “bar” with the actual user names, and “bob” and “monica” with the actual machine names.

Setting up the Authentication

Generating the key

  • You need to generate an SSH key pair for your host if you have not done so yet. To generate a key, log in to bob as the user “bar” and run the following command:
  • Now you need to copy the public key to the SSH server “monica”. To copy the file, we will use the tool scp. Run:
     cd ~/.ssh/
     scp id_rsa.pub foo@monica:~foo/.ssh/bob_id_rsa.pub

Enabling authorization

Now you need to add the SSH key from the file bob_id_rsa.pub to the file authorized_keys, which resides in the ~foo/.ssh/ directory. If the file does not exist, you have to create it manually.

  1. Log in to monica (the SSH server).
     ssh monica -l foo
  2. Move to the .ssh directory.
     cd ~/.ssh/
  3. Create the authorized_keys file (only if it does not exist).
     touch authorized_keys
  4. Append bob’s SSH key to the key file.
     cat bob_id_rsa.pub >> authorized_keys

     Remember to use double redirection (>>). If you use a single redirection (>), it will truncate the file and then add the SSH key from bob; all the other

  5. Make sure that the files in .ssh are writable only by you, on both machines, and not executable by anyone.
     chmod 644 authorized_keys
  6. Exit monica’s SSH session.
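Steps 3 to 5 above, condensed into one idempotent shell function as an added example (this is not code from the original post). It refuses input that does not look like a single OpenSSH public key line, appends with `>>` only when the key is not already present, adds the trailing newline a hand-copied key file may lack, and sets the permissions sshd checks under its default StrictModes (the example uses 600 on authorized_keys, stricter than the post's 644; both are accepted, since sshd only rejects group- or world-writable files and directories). The key material, paths and user names in the demo are constructed placeholders, and the script assumes a POSIX shell with awk, grep, ls and mktemp.

```shell
#!/bin/sh
# Added example, not code from the original post: an idempotent version of
# steps 3 to 5. Installs a public key into authorized_keys and leaves the
# file and its directory in a state sshd will accept. All key material,
# paths and user names below are constructed for the demo.

# True if the file holds exactly one line shaped like an OpenSSH public key
# (key type, base64 blob, optional comment). Anything else is refused so a
# stray file is never appended to the list of trusted keys.
looks_like_pubkey() {
    [ "$(awk 'END { print NR }' "$1")" -eq 1 ] || return 1
    grep -Eq '^(ssh-rsa|ssh-ed25519|ecdsa-sha2-nistp(256|384|521)) [A-Za-z0-9+/]+=*( |$)' "$1"
}

# Print how many entries in authorized_keys ($2) carry the same key type and
# blob as the key file ($1). The comment field is ignored on purpose.
key_count() {
    blob=$(awk '{ print $1, $2 }' "$1")
    [ -f "$2" ] || { echo 0; return 0; }
    awk -v k="$blob" '($1 " " $2) == k { n++ } END { print n + 0 }' "$2"
}

# One of the checks sshd makes with StrictModes (the default): neither group
# nor world may have write permission on the path. (sshd also checks the
# owner and the home directory; that is not covered here.)
strict_modes_ok() {
    [ "$(ls -ld "$1" | cut -c6,9)" = "--" ]
}

# install_pubkey KEYFILE AUTHORIZED_KEYS
install_pubkey() {
    keyfile=$1
    authkeys=$2
    sshdir=$(dirname "$authkeys")

    if ! looks_like_pubkey "$keyfile"; then
        echo "refusing $keyfile: not a single OpenSSH public key line" >&2
        return 1
    fi

    mkdir -p "$sshdir"
    chmod 700 "$sshdir"
    touch "$authkeys"                      # step 3: create only if missing

    if [ "$(key_count "$keyfile" "$authkeys")" -gt 0 ]; then
        echo "key from $keyfile is already authorized" >&2
    else
        # step 4, with >> so existing keys survive; printf supplies the
        # newline that a key file saved without one would otherwise lack.
        printf '%s\n' "$(cat "$keyfile")" >> "$authkeys"
    fi

    # step 5: 600 here instead of the post's 644; both pass StrictModes.
    chmod 600 "$authkeys"
    strict_modes_ok "$authkeys" && strict_modes_ok "$sshdir"
}

# Demo on a scratch directory standing in for ~foo/.ssh on monica.
demo() {
    tmp=$(mktemp -d)
    # Constructed key: the blob is not a real key, only shaped like one,
    # and it is deliberately written without a trailing newline.
    printf '%s' 'ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCconstructedblob bar@bob' \
        > "$tmp/bob_id_rsa.pub"
    install_pubkey "$tmp/bob_id_rsa.pub" "$tmp/.ssh/authorized_keys"
    install_pubkey "$tmp/bob_id_rsa.pub" "$tmp/.ssh/authorized_keys"   # no duplicate
    echo "entries: $(key_count "$tmp/bob_id_rsa.pub" "$tmp/.ssh/authorized_keys")"
    rm -rf "$tmp"
}

demo
```

The key pair itself comes from ssh-keygen, which writes id_rsa and id_rsa.pub into ~/.ssh on bob; only the .pub file is ever copied to monica, and the private id_rsa must stay on bob. Running the function twice shows why the duplicate check matters: re-running the post's `cat >>` step on every deployment would keep growing authorized_keys, which makes auditing who can log in as foo harder than it needs to be.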

Testing the setup

Try logging in to monica again.

ssh monica -l foo

You should notice that you are no longer asked for a password to log in.

