What’s SSH & SSH Keys
SSH A.K.A Secure Shell is used to make remote connections between computers to execute commands. A username and password is used for the authentication purpose when establishing the connection. If you have a very strong password, it’s almost 100% secure to use SSH since the data transmission is encrypted. But are you comfortable with typing the lengthy password every time you want to SSH? Also every time you type your password, you are sending your password over the network. So anyone who is eavesdropping on your connection will be able to intercept and crack your password. But if you switch to SSH keys you haven’t got anything to worry because your password is never transmitted over the network. Check out image below to get a vivid idea about the concept. So let’s get down to business(happy-face).
1. Create the RSA Key Pair
ssh-keygen command is used to generate a key pair. Most probably you will already have a key pair in your computer. If not type the below command.
ssh-keygen -t rsa
Okay good, now you have successfully generated the key pair, so let’s store them.
2. Store the Keys and Passphrase
Once you type the above command you will be prompted with below.
dasunhegoda@dasun:~$ ssh-keygen -t rsa Generating public/private rsa key pair. Enter file in which to save the key (/home/dasunhegoda/.ssh/id_rsa):
You can press enter here and save the file to the user home.
Enter passphrase (empty for no passphrase):
I know your question and it’s already answered here(do i need to have a passphrase for my ssh rsa key).
once you proceed, you will get an output similar to the below output.
Your identification has been saved in /home/dasunhegoda/.ssh/id_rsa. Your public key has been saved in /home/dasunhegoda/.ssh/id_rsa.pub. The key fingerprint is: 54:33:61:81:c8:39:b1:de:a2:ba:11:5e:13:03:8f:5f dasunhegoda@dasun The key's randomart image is: +--[ RSA 2048]----+ | . ..+ .Bo | | + =..o o | | . + E.. | | . = o | | . + o S | | . o o . | | o . | | o | | o. | +-----------------+
3. Copy the Public Key
Now you can copy the public key to the destination which you prefer the SSH access without a password.
dasunhegoda@dasun:~$ ssh-copy-id email@example.com
Now you should get a similar output as below.
dasunhegoda@dasun:~$ ssh-copy-id firstname.lastname@example.org /usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed /usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys Number of key(s) added: 1 Now try logging into the machine, with: "ssh 'email@example.com'" and check to make sure that only the key(s) you wanted were added.
Below are the two key problems I have identified during configuring SSL keys. Just in case if you come across one of them or else both of them, don’t worry I got your back. Let’s fix them.
If you are having an issue connecting to the SSH destination make sure that the SSH destination is configured to accept private/public key authentication. To get it done edit the sshd_config file.
sudo vim /etc/ssh/sshd_config
You should change RSAAuthentication & PubkeyAuthentication to Yes.
RSAAuthentication yes PubkeyAuthentication yes
Make sure that the above two lines are not commented( no hash(#) sign in-front of the line). If you have to uncomment the lines don’t forget to restart the SSH server using below command.
sudo service ssh restart
You could end-up with still having to be asked for your password as shown below.
dasunhegoda@dasun:~$ ssh firstname.lastname@example.org Agent admitted failure to sign using the key. email@example.com's password:
So try the ssh-add command on your computer(on client).
You will get the below output.
dasunhegoda@dasun:~$ ssh-add Identity added: /home/dasunhegoda/.ssh/id_rsa (/home/dasunhegoda/.ssh/id_rsa)
You are done, no more steps, no more issues. Now you have passwordless access to your preferred destination. Get to know more about SSH keys here. If you have any questions let me know in the comments below. Your feedback is highly appreciated(happy-face).