sudoedit.com!

Passwordless login with SSH Keygen

What is a rsa key?

RSA keys are a public key encryption method that keeps a private key on the host computer, and a public key on other machines. The public key is generated by a mathematical algorithm that can only be de-crypted with the private key. As long as the private key is kept confidential use of the keys is secure.

Why use rsa keys?

rsa keys are secure

The keys are secure because they can be encrypted on a users computer protecting the key from falling into the wrong hands, like a password printed on a sticky note and place on your desk. The rsa key is also secure because it allows a server administrator to shut off password authentication on remote servers making a brute force attack that utilizes password dictionaries impossible. By default the rsa key is 2048 bits but this can be altered with the -b option.

rsa keys are convenient

Keys are easy to create, and distribute. The key allows near instant authentication without stopping to type a password every time you need to jump onto a server.

From your Mac, Linux computer open the terminal and type the following

ssh-keygen

You will be asked a series of questions

user@testserver:~$ ssh-keygen
Generating public/private rsa key pair.
Enter file in which to save the key (/home/user/.ssh/id_rsa):

To keep the default just press enter. By default this will create a file called id_rsa under /home/user/.ssh/

Next it will ask for a passphrase. You want to enter a passphrase. The passphrase is what protects your private key from being readable by others.

Enter passphrase (empty for no passphrase): 
Enter same passphrase again:

After entering the passphrase ssh-keygen will generate an rsa key and display a fingerprint like this:

    Your identification has been saved in /home/user/.ssh/id_rsa.
    Your public key has been saved in /home/user/.ssh/id_rsa.pub.
    The key fingerprint is:
    49:ee:8c:73:d2:a3:53:b9:b4:50:63:19:34:a2:47:c2 user@testserver
    The key's randomart image is:
    +--[ RSA 2048]----+
    |   .. o.o        |
    |    E+ ...       |
    |    . . .o       |
    |     . o=.       |
    |       oSo       |
    |      .=+        |
    |      ++*o       |
    |      .=o.       |
    |      ..         |
    +-----------------+

If you cd into /home//.ssh/ and list files you should see something similar to the below.

    cd .ssh/

    $ ls
    id_rsa  id_rsa.pub  known_hosts

We will be transferring the id_rsa.pub file to our remote server using "ssh-copy-id"

    user@testserver:~$ ssh-copy-id 192.168.0.2
    The authenticity of host '192.168.0.2 (192.168.0.2)' can't be established.
    ECDSA key fingerprint is 10:0f:3b:dy:3d:08:5a:3c:09:c8:81:c1:53:a2:94:9c.
    Are you sure you want to continue connecting (yes/no)? yes

If you haven't connected to the remote server yet you will be asked to accept the fingerprint of the server you are connecting to. Just type yes and hit enter.

/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
user@192.168.0.2's password:

Next you will be asked for the password for the user account on the remote server. Only users with a valid account can connect this way.

Now you should be able to ssh to the remote server without being prompted for a password. You may have it input the passphrase to unlock the key file. However, if you are on a Mac or Linux desktop or laptop you can have it saved in your keychain and will not have to input the passphrase again.

 ssh user@192.168.0.2
 Enter passphrase for key '/home/user/.ssh/id_rsa':

Using rsa key authentication will increase the security of your server network.