How To: SSH Public Key Authentication

This is a mini guide on setting up public/private key authentication for SSH. There are several benefits to doing this. For example, it can be used to automate authentication, or to enhance security by requiring a pre-generated key in addition to a normal password.

Local computer setup

First, make sure you have a .ssh folder in your home directory. If not, create it.

mkdir -p ~/.ssh

Next, create the SSH keys. When asked for a passphrase, leave it blank if your purpose is to automate logins. Otherwise, enter a passphrase to enhance security. Keep in mind that if you do not enter a passphrase, the key file itself becomes your weakest point, so guard it with your life.

ssh-keygen -t rsa

This will create two files in the .ssh directory: id_rsa and id_rsa.pub. The pub file holds the public key and will be placed on the remote server.

Remote server setup

Copy the id_rsa.pub file to the remote server.

scp ~/.ssh/id_rsa.pub example@example.com:/home/example

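Create a .ssh directory on the server if needed and move the pub key into it. If the account already has an authorized_keys file, append the new key to it rather than replacing the file, since the mv below overwrites it. For example:

mkdir -p /home/example/.ssh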
mv /home/example/id_rsa.pub /home/example/.ssh/authorized_keys

Lock the .ssh directory down.

chown -R example:example /home/example/.ssh
chmod 700 /home/example/.ssh
chmod 600 /home/example/.ssh/authorized_keys

Wrap up

That’s all there is to it. If your purpose was to enhance security, test logging in with your private key. For even more security you can set PasswordAuthentication to no in your sshd configuration to make the private key mandatory.
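A post-setup check for the two things this guide changes, the permissions on .ssh and authorized_keys and the PasswordAuthentication setting, as an added example that is not part of the original guide. The function names and the throwaway demo directory are constructed for illustration; the parser reads only global settings in a single file (no Include or Match handling), so sshd -T remains the authoritative view of the running configuration.

```shell
#!/bin/sh
# Added example (not from the original guide): verify the guide's end state.

# Print the 10-character type+mode string from `ls -ld`, e.g. drwx------.
mode_of() {
    ls -ld "$1" 2>/dev/null | cut -c1-10
}

# Check that DIR is mode 700 and DIR/authorized_keys is mode 600, the values
# the guide sets. Prints one line per problem; returns non-zero if any.
check_ssh_dir() {
    dir=$1
    rc=0
    if [ "$(mode_of "$dir")" != "drwx------" ]; then
        echo "FAIL: $dir should be a directory with mode 700"
        rc=1
    fi
    if [ "$(mode_of "$dir/authorized_keys")" != "-rw-------" ]; then
        echo "FAIL: $dir/authorized_keys should be a regular file with mode 600"
        rc=1
    fi
    return $rc
}

# Print the global PasswordAuthentication value from an sshd_config file.
# sshd uses the first value it reads for a keyword and defaults to "yes".
# Parsing stops at the first Match block because later lines are conditional.
password_auth_setting() {
    awk '
        /^[ \t]*#/ { next }
        tolower($1) == "match" { exit }
        tolower($1) == "passwordauthentication" { print tolower($2); found = 1; exit }
        END { if (!found) print "yes" }
    ' "$1"
}

# Constructed demo input: a throwaway directory standing in for /home/example.
demo=$(mktemp -d)
mkdir "$demo/.ssh"
: > "$demo/.ssh/authorized_keys"
chmod 755 "$demo/.ssh"
chmod 600 "$demo/.ssh/authorized_keys"
check_ssh_dir "$demo/.ssh" || echo "fix with: chmod 700 $demo/.ssh"
printf 'PasswordAuthentication no\n' > "$demo/sshd_config"
echo "PasswordAuthentication is: $(password_auth_setting "$demo/sshd_config")"
rm -rf "$demo"
```

On a real server, point check_ssh_dir at /home/example/.ssh and password_auth_setting at the sshd configuration file before closing your existing session.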

Keep in mind that if you

Works Cited

Slicehost Articles: Ubuntu Hardy setup – page 1, but reproduced here for simplification and personal reference.
