ssh key based authentication

Citește postarea în română

Share on:

The ssh key based authentication is useful when you don’t want to type the password each time. Also is useful when for instance sshfs is used and mounting takes place without entering a password.

The end result should do login with the following command:

1$ ssh work

Server

In Ubuntu the server installation is done with:

1$ sudo apt-get install ssh

For other distributions the packege is usually called ssh or OpenSSH.

On server-side you must activate the public key authentication in the sshd_config file:

1#/etc/ssh/sshd_config
2
3PubkeyAuthentication yes

Client

On client-side the public/private key pair must be generate:

1$ ssh-keygen -t rsa -b 1024

Where the type of the key is rsa and 1024 is the size. Bigger is safer.

The public key must be copied on the server using the following command:

1$ ssh-copy-id -i ~/.ssh/id_rsa user@192.168.1.1

The -i option and key path are optional, if there was generated a single key on the client in ~/.ssh directory that one will be used as default.

Right now it should work to login using the next command without prompting for password:

1$ ssh user@192.168.1.1

Alias

The last step is creating an alias, in this case it will be called “work”.

You must make a config file in the ~/.ssh directory. The file must have 600 rights, that is reading and writing only for owner.

1$ cd ~/.ssh
2$ touch config
3$ chmod 600 ~/.ssh/config

In this file aliases will be set:

1Host work
2HostName 192.168.1.1
3User user
4IdentityFile ~/.ssh/id_rsa

At this step authentication to the previously defined host can be made with the command:

1$ ssh work

To learn more about ssh aliases checkout the manual:

1$ man ssh_config