Barefoot Development

Public Key SSH Authentication

This procedure gives you "passwordless SSH authentication." It can be set up between any two machines on which you already have an SSH account. This example uses a DSA key, but it works the same for RSA.

On the local machine (i.e., your laptop):

ssh-keygen -t dsa

You'll get three prompts. To all three, simply hit enter.

Enter file in which to save the key (/home/youraccount/.ssh/id_dsa):
Enter passphrase (empty for no passphrase):
Enter same passphrase again:


This creates two files in your local home directory's .ssh folder, id_dsa and id_dsa.pub. id_dsa is your private key file. Guard it closely. id_dsa.pub is your public key file; you'll use this in a moment.

Change into the .ssh folder in your home directory. For me, that meant

cd /home/sbrown/.ssh

Still on your local machine, we want to put a copy of your id_dsa.pub file onto your server. I am using secure copy to do it, but you can substitute FTP if you like:

scp id_dsa.pub remote_user@remote_server.com:id_dsa.pub

Obviously, substitute your actual username and machine name into the code above. Now ssh into your account on the remote machine.

Now we're on your remote machine (in remote_user's home directory).

A copy of your local machine's id_dsa.pub file should be in your home directory. We need to append its contents to a file called authorized_keys in the .ssh directory on your remote account. This assumes the .ssh folder already exists. If not, create it first (mkdir .ssh).

cat id_dsa.pub >> .ssh/authorized_keys

Now, set the permissions on your files and folders properly:

chmod 700 .ssh
chmod 600 .ssh/authorized_keys


And don't forget to remove the copy of id_dsa.pub in your home directory.

rm id_dsa.pub

And that's it. Log out of your remote machine; then, back on your local machine, ssh into the remote machine again and you should get in with no password.
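The remote-side steps above (append the key, set the permissions) as a repeatable script that also refuses a private key uploaded by mistake and checks for the loose permissions that make sshd, with its default StrictModes setting, ignore authorized_keys. This is an added example, not part of the original post; install_pubkey, check_strict and demo are hypothetical helper names, and the key used in demo is constructed.

```bash
#!/usr/bin/env bash
# Added example; helper names are hypothetical, sample key is constructed.

# install_pubkey PUBKEY_FILE [HOME_DIR]: append one public key, idempotently.
install_pubkey() {
    local pub=$1 home=${2:-$HOME} line
    local auth="$home/.ssh/authorized_keys"

    # Catch the mistake of copying id_dsa (private) instead of id_dsa.pub.
    if grep -q 'PRIVATE KEY' "$pub"; then
        echo "refusing: $pub looks like a private key" >&2; return 1
    fi
    # Accept only a "type base64 [comment]" line, as ssh-keygen writes it.
    line=$(grep -E '^(ssh|ecdsa)-[a-z0-9-]+ [A-Za-z0-9+/]+=*( .*)?$' "$pub") || {
        echo "refusing: no public key line in $pub" >&2; return 1; }
    [ "$(printf '%s\n' "$line" | wc -l)" -eq 1 ] || {
        echo "refusing: more than one key in $pub" >&2; return 1; }

    mkdir -p "$home/.ssh" && chmod 700 "$home/.ssh" || return 1
    touch "$auth" && chmod 600 "$auth" || return 1
    # Append only if this exact line is not already authorized.
    grep -qxF -- "$line" "$auth" || printf '%s\n' "$line" >> "$auth"
}

# check_strict [HOME_DIR]: fail if .ssh or authorized_keys is writable by
# group or others, which is when sshd (StrictModes yes) skips the key file.
check_strict() {
    local home=${1:-$HOME} p mode rc=0
    for p in "$home/.ssh" "$home/.ssh/authorized_keys"; do
        mode=$(ls -ld "$p" | cut -c1-10) || return 1
        case $mode in
            ?????w????|????????w?) echo "too open: $mode $p" >&2; rc=1 ;;
        esac
    done
    return $rc
}

# demo: run both helpers in a throwaway directory with a constructed key.
demo() {
    local t; t=$(mktemp -d)
    echo 'ssh-dss AAAAB3NzaC1kc3MAAACBAKconstructed0example= you@laptop' > "$t/id_dsa.pub"
    install_pubkey "$t/id_dsa.pub" "$t/home" && check_strict "$t/home" \
        && echo "installed, permissions OK"
    rm -rf "$t"
}
```

On the remote machine, `install_pubkey id_dsa.pub && check_strict` replaces the cat and chmod steps; running it twice does not duplicate the key.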

Sean Brown, Partner, Technology at Barefoot
