Use Public Key Authentication with SSH

Authentication

Authentication keys come in two parts. The "public" component is stored in the "~/.ssh/authorized_keys" file of any server where you want access. The "private" component is stored only on your local system and allows you to gain access to any machine where the matching "public" key is properly stored. It is computationally infeasible to deduce the contents of the private key given the public key. Thus, the private key is equivalent in power to the username and password that you would use to connect to a system without keys. Protect your private keys accordingly.

Local Encryption

Because private keys are very sensitive, it is crucial that you ensure the security of this data. Beyond ensuring that other users cannot read these files using standard file permissions, it is prudent to encrypt these keys locally. This helps guarantee that only individuals with the encryption passphrase will be able to use the private keys, even if they are able to access the key itself. Passphrases are only used to unlock the private key locally and are not transmitted in any form to the remote host.

SSH tools allow you to create private keys without encrypting them locally. This allows anyone with access to the private key to log into the remote host without any passwords. Although it makes it possible to log in to a remote host quickly without input, using unencrypted private keys is not recommended.

Generate Keys on a Unix-like System

The process for creating keys with a recent version of the OpenSSH package is the same across many different Unix-like operating systems.

To generate SSH keys, issue the following command on your local system if it runs Mac OS X or Linux:

ssh-keygen

Answer all questions when prompted. The defaults are acceptable for most use cases. When complete, ssh-keygen generates an SSH key using the RSA algorithm. If you prefer the DSA algorithm, append "-t dsa" to the above command.

These SSH keys are located in the ~/.ssh/ directory. You will find the private key in the ~/.ssh/id_rsa file and the public key in the ~/.ssh/id_rsa.pub file.

Copy the public key into the ~/.ssh/authorized_keys file on the remote machine, using the following commands. Substitute your own SSH user and host names:

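# Upload the public key to the remote account's ~/.ssh directory
scp ~/.ssh/id_rsa.pub squire@example.com:.ssh/uploaded_key.pub
# Single quotes make cat and ~ run on the remote host, not locally
ssh squire@example.com 'cat ~/.ssh/uploaded_key.pub >> ~/.ssh/authorized_keys'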

Congratulations! You can now sign into your server using public key authentication.
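
The key installation step above, written as a shell function to run on the server. This is an added example, not part of the original article. It checks that the uploaded file is a single public key line, creates ~/.ssh and authorized_keys with the permissions sshd expects, and skips keys that are already installed. The function name install_pubkey, its optional second argument and its return codes are assumptions made for this example.

```shell
#!/bin/sh
# install_pubkey PUBKEY_FILE [HOME_DIR]   (hypothetical helper, not an OpenSSH tool)
# Appends the key to HOME_DIR/.ssh/authorized_keys (HOME_DIR defaults to $HOME).
# Returns 0 if the key was added, 1 if the file is not a single valid
# public key line, 2 if the key was already present.
# Usage on the server: install_pubkey ~/.ssh/uploaded_key.pub
install_pubkey() {
    pubkey_file=$1
    ssh_dir=${2:-$HOME}/.ssh
    auth_file=$ssh_dir/authorized_keys

    [ -r "$pubkey_file" ] || return 1
    # A .pub file is exactly one line: "<type> <base64> [comment]".
    [ "$(grep -c '' "$pubkey_file")" -eq 1 ] || return 1
    key_line=$(cat "$pubkey_file")
    case $key_line in
        ssh-rsa\ AAAA*|ssh-dss\ AAAA*|ssh-ed25519\ AAAA*|ecdsa-sha2-*\ AAAA*) ;;
        *) return 1 ;;   # also rejects a private key uploaded by mistake
    esac

    # With StrictModes (the sshd default), authorized_keys is ignored when
    # the directory or file is writable by group or others.
    (umask 077; mkdir -p "$ssh_dir" && touch "$auth_file") || return 1
    chmod 700 "$ssh_dir" && chmod 600 "$auth_file" || return 1

    # Compare key type and key material only, so the same key with a
    # different comment is not appended a second time.
    key_id=$(printf '%s\n' "$key_line" | cut -d' ' -f1,2)
    if grep -qF -- "$key_id" "$auth_file"; then
        return 2
    fi
    printf '%s\n' "$key_line" >> "$auth_file"
}
```
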
