Have you ever gotten tired of constantly entering your password whenever ssh’ing a remote computer? You don’t need to! You can create a pair of SSH keys, namely a private and public one, which will save you from re-entering your password in the future. The private key you keep secret in your home folder and the public key you copy to every server or remote computer which you wish to SSH. The authentication then proceeds as follows: when you wish to SSH a remote computer, their public key is then compared with your private key and if they match, then the authentication succeeds. Let’s proceed with how we create SSH keys
1. Create SSH Keys with ssh-keygen
Open up a terminal and type ssh-keygen
lindon@michael-laptop:~$ ssh-keygen Generating public/private rsa key pair. Enter file in which to save the key (/home/lindon/.ssh/id_rsa): Created directory '/home/lindon/.ssh'. Enter passphrase (empty for no passphrase): Enter same passphrase again: Your identification has been saved in /home/lindon/.ssh/id_rsa. Your public key has been saved in /home/lindon/.ssh/id_rsa.pub.
When prompted to enter a file, passphrase, same passphrase, simply press return – we don’t want to enter anything here. The last line will then be succeeded by the key’s fingerprint and random image. You’ll notice that the public and private key are found in the /home/user/.ssh folder (it’s hidden so make sure you can view hidden folders). The next step is to copy the public key over to the remote computer…
2.Transfer the public key with ssh-copy-id command
Syntax: ssh-copy-id [-i [identity_file]] [user@]machine
lindon@michael-laptop:~$ ssh-copy-id -i email@example.com The authenticity of host 'remotecomputer (xx.xxx.xxx.xx)' can't be established. RSA key fingerprint is
: : : : : : : : : : : : : : : :. Are you sure you want to continue connecting (yes/no)? yes Warning: Permanently added 'remotecomputer,xx.xxx.xxx.xx' (RSA) to the list of known hosts. lindon@remotecomputer's password: Now try logging into the machine, with "ssh 'firstname.lastname@example.org'", and check in: ~/.ssh/authorized_keys to make sure we haven't added extra keys that you weren't expecting. lindon@michael-laptop:~$
The -i option means that the default public key, i.e. ~/.ssh/id_rsa.pub, is used.
3. Login without Password
lindon@michael-laptop:~$ ssh email@example.com Welcome to Ubuntu 11.04 (GNU/Linux 2.6.38-11-generic x86_64) * Documentation: https://help.ubuntu.com/ Last login: Sun Sep 11 15:57:14 2011 from xx.xxx.xxx.xx lindon@remotecomputer:~$
And there we go, login without password!