Hi all.
It would drive me bananas if I had to remember a password for each and every one of my shell accounts… Using a password as an authentication method is also not the greatest thing, as the password could be brute-forced… Leaving the account with no password is, however, unacceptable from the security point of view. Solution? Use authentication keys – public and private.
How to get them? It's very easy.
Open a terminal on Your local machine.
Use the command:
ssh-keygen -t rsa -b 8192
When asked for:
Enter file in which to save the key (/home/mylogin/.ssh/id_rsa):
Press [ENTER].
Enter passphrase (empty for no passphrase)
Press [ENTER].
Enter same passphrase again:
Press [ENTER].
[andrzejl@wishmasus ~]$ ssh-keygen -t rsa -b 8192
Generating public/private rsa key pair.
Enter file in which to save the key (/home/andrzejl/.ssh/id_rsa):
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /home/andrzejl/.ssh/id_rsa.
Your public key has been saved in /home/andrzejl/.ssh/id_rsa.pub.
The key fingerprint is:
c4:f6:76:41:cb:00:ac:88:4b:d8:fd:67:2e:75:91:30 andrzejl@wishmasus.loc
The key's randomart image is:
...
Randomart
...
[andrzejl@wishmasus ~]
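So what have You done so far? You have generated a pair of authentication keys: the private one, which is for Your eyes only, and the public one, which can be shown to anyone. Because the passphrase was left empty, the private key file is stored unencrypted, so anyone who can read ~/.ssh/id_rsa can log in as You.
The keys are placed in these two files: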
PRIVATE KEY:
~/.ssh/id_rsa
PUBLIC KEY:
~/.ssh/id_rsa.pub
Run this command:
cat ~/.ssh/id_rsa.pub
Let's say it spits out this:
ssh-rsa [...key data...] andrzejl@wishmasus.loc
Now copy this ^^^ ENTIRE line.
Now that You have generated authentication keys and copied the public one – You have to place the public key in a file on the remote machine. Not just any file. It's a specific file in a specific folder, both with specific permissions.
Open a new terminal and ssh to remotemachine.net:
ssh -p 22 -l mylogin remotemachine.net
Create the .ssh directory in Your home folder:
mkdir ~/.ssh
Give it correct permissions:
chmod 700 ~/.ssh
Create the file authorized_keys in the newly created directory:
touch ~/.ssh/authorized_keys
Give it correct permissions:
chmod 600 ~/.ssh/authorized_keys
Take the line previously copied from the output of cat ~/.ssh/id_rsa.pub and put it in place of PASTE in this command (>> appends, so any keys already in the file are kept):
echo "PASTE" >> ~/.ssh/authorized_keys
Example:
echo "ssh-rsa [...key data...] andrzejl@wishmasus.loc" >> ~/.ssh/authorized_keys
Logout from the remote machine:
exit
Log back in.
ssh -p 22 -l mylogin remotemachine.net
Remote ssh server shouldn’t ask for a password. If it does – You messed up…
You can use 1 private key to connect to multiple servers. Just copy the public key to all of them like I explained above. Permissions are crucial: 700 for the .ssh folder and 600 for the authorized_keys file. 99% of errors are caused by wrong permissions on the folder / file or by a wrong file name.
Cheers.
Andrzej
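The permission and file-name checks described above, as an added example that is not part of the original post: a shell function that inspects a .ssh directory for the two causes of failure the post names. The names check_ssh_dir and perm_of and the demo directory are made up for this example; it assumes GNU stat, with a fallback to the BSD syntax.

```shell
#!/bin/sh
# Added example, not from the original post. Assumes GNU stat (Linux),
# with a fallback to the BSD stat syntax.
perm_of() { stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1"; }

# check_ssh_dir DIR: print each finding, return the number of problems
check_ssh_dir() {
    dir=$1
    file=$dir/authorized_keys
    problems=0
    if [ ! -d "$dir" ]; then
        echo "MISSING: $dir is not a directory"
        return 1
    fi
    mode=$(perm_of "$dir")
    if [ "$mode" != 700 ]; then
        echo "BAD MODE: $dir is $mode, expected 700"
        problems=$((problems + 1))
    fi
    if [ ! -f "$file" ]; then
        echo "MISSING: $file"
        problems=$((problems + 1))
        # A near-miss file name is the other cause the post names
        for cand in "$dir"/authori*; do
            if [ -e "$cand" ]; then echo "  possibly misnamed: $cand"; fi
        done
        return "$problems"
    fi
    mode=$(perm_of "$file")
    if [ "$mode" != 600 ]; then
        echo "BAD MODE: $file is $mode, expected 600"
        problems=$((problems + 1))
    fi
    if [ ! -s "$file" ]; then
        echo "EMPTY: $file holds no key"
        problems=$((problems + 1))
    fi
    return "$problems"
}

# Constructed demo: throwaway directory with a wrong mode and a misnamed file
demo=$(mktemp -d)
mkdir "$demo/.ssh"
chmod 755 "$demo/.ssh"
touch "$demo/.ssh/authorized_key"
check_ssh_dir "$demo/.ssh" || echo "problems found: $?"
rm -rf "$demo"
```

To check a real account, call check_ssh_dir ~/.ssh on the remote machine; a return value of 0 means the directory and file match the modes given above.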