Public Key SSH Authentication
Sean Brown | Tuesday, May 02, 2006
On the local machine (i.e., your laptop):
ssh-keygen -t dsa
You'll get three prompts. To all three, simply hit
Enter file in which to save the key(/home/youraccount/.ssh/id_dsa):
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
This creates two files in your local home directory's .ssh folder, id_dsa and id_dsa.pub. id_dsa is your private key file. Guard it closely. id_dsa.pub is your public key file; you'll use this in a moment.
Change into the .ssh folder in your home directory. For me, that meant
Still on your local machine, we want to put a copy your id_dsa.pub file onto your server. I am using secure copy to do it, but you can substitute FTP if you like:
scp id_dsa.pub remote_user@remote_server.com:id_dsa.pub
Obviously, substitute your actual username and machine name into the code above. Now ssh into your account on the remote machine.
Now we're on your remote machine (in remote_user's home directory).
A copy of your local machine's id_dsa.pub file should be in your home directory. We need to copy its contents into a file called authorized_keys in the .ssh directory on your remote account. This assumes the .ssh folder already exists. If not create it first (
cat id_dsa.pub >> .ssh/authorized_keys
Now, set the permissions on your files and folders properly:
chmod 700 .ssh
chmod 600 .ssh/authorized_keys
And don't forget to remove the copy of id_dsa.pub in your home directory.
And that's it. Log out of your remote machine, then back on your local machine, ssh back into your remote machine and you should get in with no password.
Sean Brown, Partner, Technology at Barefoot