Tired of always having to enter your 200+ character password into terminal when you use SSH? Well there is an easier way to do it that requires no password and is still just as secure! Have this nice little tutorial on setting up SSH Public/Private keys so you don’t have to use a password each time you SSH into a system.
If you are wondering exactly what SSH Public/Private keys are, and what they do, I will let Davic McNett explain.
…Public-key authentication (or PKI — a public key infrastructure) is an authentication method that relies on a generated public/private keypair. With PKI a special “key” is generated which has a very useful property: Anyone who can read the public half of the key is able encrypt data which can then only be read by a person who has access to the private half of the key. In this way, having access to the public half of a key allows you to send secret information to anyone with the private half, and to also verify that a person does in fact have access to the private half. It’s easy to see how this technique could be used to authenticate.
As a user, you can generate a keypair and then place the public half of the key on a remote system. That remote system is then able to authenticate you, or prove that you are really you, and allow you to login just by having you demonstrate that you have access to the private half of the keypair. This is done at the protocol level inside SSH and happens automatically…
So in quick summary, it allows the remote host to authenticate your session using a key file, instead of a password. And because no two systems will generate the exact same public key, your session will always be secure. That is, unless someone gains access to your private key. So, now that you know what we are doing, time to move to the tutorial!
To start, open terminal on your local system and enter ssh-keygen -t dsa. This will generate the SSH Public/Private keys for the system, as shown below.
[email protected]:/# ssh-keygen -t dsa Generating public/private dsa key pair. Enter file in which to save the key (/root/.ssh/id_dsa): (PRESS ENTER) Enter passphrase (empty for no passphrase): (PRESS ENTER) Enter same passphrase again: (PRESS ENTER) Your identification has been saved in /root/.ssh/id_dsa. Your public key has been saved in /root/.ssh/id_dsa.pub. The key fingerprint is: 5e:11:41:b9:5b:3f:7e:8a:3f:c4:a0:4b:82:36:26:d2 [email protected] The key's randomart image is: +--[ DSA 1024]----+ | .. | | .. | | .. | | ... | | So.o | | . o o.=. . | | . * E ..o | | + o o =. | | .oo.=o | +-----------------+ [email protected]:/#
Now that you have done this, you just need to copy the public key to the remote system. To do this, just run the following command where IPADDRESS is the address of the remote host. What this command does is it copies the public key over to the remote host so it will be able to authenticate your system.
cat ~/.ssh/id_dsa.pub | ssh [email protected] 'sh -c "cat - >>~/.ssh/authorized_keys"'
It will ask for the root password, but after that you should now be able to access the host without a password! To test this, just SSH as the account you connected with before (in this example, we used root)
And if all went well, you should be connected to the remote host as root! Hope you found this to be helpful.