Introduction
SSH (SSH client) is a program for logging into a remote machine and for executing commands on a remote machine. It is intended to replace rlogin and rsh, and provide secure encrypted communications between two untrusted hosts over an insecure network. X11 connections and arbitrary TCP ports can also be forwarded over the secure channel.
SSH connects and logs into the specified hostname (with optional user name). The user must prove his/her identity to the remote machine using one of several methods depending on the protocol version used. In this guide we will see how to set up a password-less (key-based) method to authenticate to an SSH server.
Case Scenario
For this case, we make the following assumptions:
  1. The originating host, which we would like to authenticate to an SSH server, is named "bob".
  2. The SSH server, or remote host, is named "monica".
  3. Both machines have the SSH package installed: bob has the SSH client, monica has the OpenSSH server, and the server daemon is running on the default port (i.e. 22).
  4. The user account on monica to which we want to authenticate is "foo" and the currently logged-in user on bob is "bar".
    Please replace "foo" and "bar" with the actual user names, and "bob" and "monica" with the actual machine names, in a real-world setup.
Setting up the authentication
  • Generating the key
    You need to generate an SSH key pair for your host if you have not generated one yet. To generate a key, log in to bob as the user "bar" and run the following command:
    ssh-keygen

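    Accept the default location that is offered (e.g. "/home/bar/.ssh/id_rsa" for the private key and "/home/bar/.ssh/id_rsa.pub" for the public key). You can also protect the key with a passphrase; if you do, ssh asks for that passphrase instead of the account password unless the key is loaded into ssh-agent.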
  • Copying the key to the SSH server
    Next, copy the public key (id_rsa.pub, never the private key id_rsa) over to the SSH server "monica". To copy the file, we will use a tool called "scp". Run these commands on bob:
    cd ~/.ssh/
    scp id_rsa.pub foo@monica:~foo/.ssh/bob_id_rsa.pub

  • Enabling authorization
    Now add the SSH key from the file bob_id_rsa.pub to the file authorized_keys, which resides in the ~foo/.ssh/ directory. If the file does not exist, you have to create it manually.
    1. Log in to monica (the SSH server).
         ssh monica -l foo

       Provide the password of the user foo to log in.

    2. Move to the .ssh directory.
         cd ~/.ssh/

    3. Create the authorized_keys file if it does not exist.
         touch authorized_keys

    4. Append bob's SSH key to the key file.
         cat bob_id_rsa.pub >> authorized_keys

       Remember to use double redirection (>>). If you use a single redirection (>), it will truncate the file and then add the SSH key from bob; all the other existing keys will be lost.

    5. Make sure that the files in .ssh are writable only by you, on both machines, and non-executable by anyone.
         chmod 644 *

       This mode is appropriate for authorized_keys and the .pub files. The private key id_rsa on bob must stay readable only by its owner (mode 600), because the SSH client refuses to use a private key that other users can read.

    6. Exit from monica's SSH session.
         exit
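
An idempotent form of the append and permission steps above, as an added example that is not part of the original guide. The helper names install_key and loose_files are hypothetical, and authorized_keys is set to mode 600 here, which is stricter than the 644 used above.

```shell
#!/bin/sh
# Added example (not from the original guide); helper names are hypothetical.

# install_key PUBKEY_FILE SSH_DIR
#   Appends each key line of PUBKEY_FILE to SSH_DIR/authorized_keys unless
#   that exact line is already there. Existing keys are never truncated.
install_key() {
    pub=$1; dir=$2; auth=$dir/authorized_keys
    # Reject an empty file or a private key copied over by mistake.
    if [ ! -s "$pub" ] || grep -q 'PRIVATE KEY' "$pub"; then
        echo "install_key: $pub is not a public key file" >&2
        return 1
    fi
    mkdir -p "$dir" && chmod 700 "$dir" || return 1
    touch "$auth" && chmod 600 "$auth" || return 1
    # If the last existing entry lacks a newline, add one so the new key
    # does not get glued onto it.
    if [ -s "$auth" ] && [ -n "$(tail -c 1 "$auth")" ]; then
        echo >> "$auth"
    fi
    while IFS= read -r line || [ -n "$line" ]; do
        [ -n "$line" ] || continue
        grep -qxF -- "$line" "$auth" || printf '%s\n' "$line" >> "$auth"
    done < "$pub"
}

# loose_files SSH_DIR
#   Prints SSH_DIR and any file below it that group or others can write to,
#   i.e. anything that breaks the "writable only by you" rule.
loose_files() {
    find "$1" \( -perm -020 -o -perm -002 \) -print
}

# Typical use on monica, as foo (paths follow the guide's scenario):
#   install_key ~/.ssh/bob_id_rsa.pub ~/.ssh && loose_files ~/.ssh
```

Running install_key a second time with the same key leaves authorized_keys unchanged, and an empty result from loose_files means nothing under .ssh is writable by group or others.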

Testing the setup
Try logging in to monica again.
ssh monica -l foo

You will now notice that you are not asked for a password to log in.