How-To SSH Key Authentication & Password-less Logins
Copying SSH keys from machine to machine allows for authentication without having to enter a password. This is very useful for running scripts and cronjobs, or any automated task where secure shell access to remote machines is required. It also has the benefit of being more secure, because the keys are hard to crack.
How does passwordless authentication work?
Basically, you generate a key pair: two long random values, one the public key and one the private key. The public key is placed on the machine you want to log in to, and the private key stays with you. For authentication to work, the client must prove it holds the private key that matches the stored public key; when the keys match as a pair, access to the desired machine or service is granted.
Generating the keys
First, log in to your Linux box (any distro: Ubuntu, Debian, CentOS, Red Hat, etc.) and issue the following command:
ssh-keygen -t rsa -b 4096
The entire key generation process looks like this:
ssh-keygen -t rsa -b 4096
Generating public/private rsa key pair.
Enter file in which to save the key (/home/dominictaylor/.ssh/id_rsa): [PRESS ENTER]
Enter passphrase (empty for no passphrase): [PRESS ENTER]
Enter same passphrase again: [PRESS ENTER]
Your identification has been saved in /home/dominictaylor/.ssh/id_rsa.
Your public key has been saved in /home/dominictaylor/.ssh/id_rsa.pub.
The key fingerprint is: 4a:dd:0a:c6:35:4e:3f:ed:27:38:8c:74:44:4d:93:67 dominictaylor@ubuntu01
The key's randomart image is:
+--[ RSA 2048]----+
| o=. |
| o o++E |
| + . Ooo. |
| + O B.. |
| = *S. |
| o |
| |
| |
| |
+-----------------+
The public key is now located in /home/dominictaylor/.ssh/id_rsa.pub
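The private key (identification) is now located in /home/dominictaylor/.ssh/id_rsa. With an empty passphrase it is stored unencrypted, so keep this file readable only by your own user.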
Copy SSH Keys from Host to Host
Once the key pair is generated, it's time to place the public key on the server that we want to log in to. The private key stays secret on our own machine; only the public key is stored on the server.
You can copy the public key into the new machine's authorized_keys file with the ssh-copy-id command:
(Remember to Change Port, Username & Hostname)
ssh-copy-id -p 22 username@hostname
EXAMPLE
ssh-copy-id -p 922 dominictaylor@ubuntuserver
Alternatively, if ssh-copy-id isn't installed, you can use the following command:
(Remember to Change Port, Username & Hostname)
cat ~/.ssh/id_rsa.pub | ssh -p 22 username@hostname "mkdir ~/.ssh; cat >> ~/.ssh/authorized_keys"
EXAMPLE
cat ~/.ssh/id_rsa.pub | ssh -p 922 dominictaylor@ubuntuserver "mkdir ~/.ssh; cat >> ~/.ssh/authorized_keys"
Getting a folder already exists error? This means the ~/.ssh folder already exists on the remote machine, so we leave out the mkdir and just append the key to the authorized_keys file:
(Remember to Change Port, Username & Hostname)
cat ~/.ssh/id_rsa.pub | ssh -p 22 username@hostname "cat >> ~/.ssh/authorized_keys"
EXAMPLE
cat ~/.ssh/id_rsa.pub | ssh -p 922 dominictaylor@ubuntuserver "cat >> ~/.ssh/authorized_keys"
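The manual commands above do not set permissions and will append the same key again on every run. As an added example (not part of the original page), here is a server-side shell function that appends a public key only once and sets the conventional 700/600 permissions, which satisfy sshd's StrictModes check. The name install_pubkey and its arguments are hypothetical.

```sh
#!/bin/sh
# Added example, not from the original page. install_pubkey is a hypothetical
# helper: run on the server, it appends one public key to authorized_keys.
# Usage: install_pubkey KEYFILE [HOME_DIR]
install_pubkey() {
    keyfile=$1
    home_dir=${2:-$HOME}
    ssh_dir=$home_dir/.ssh
    auth=$ssh_dir/authorized_keys

    # Accept only a file holding exactly one public-key line; this rejects a
    # private key pasted by mistake (it spans several lines).
    [ -r "$keyfile" ] || { echo "cannot read $keyfile" >&2; return 1; }
    [ "$(grep -c . "$keyfile")" -eq 1 ] || { echo "expected one key line" >&2; return 1; }
    key=$(grep . "$keyfile")
    case $key in
        ssh-rsa\ *|ssh-ed25519\ *|ecdsa-sha2-*\ *) ;;   # common key types only
        *) echo "not an OpenSSH public key" >&2; return 1 ;;
    esac

    # mkdir -p succeeds when ~/.ssh already exists, so no "exists" error.
    mkdir -p "$ssh_dir" && chmod 700 "$ssh_dir" || return 1
    touch "$auth" && chmod 600 "$auth" || return 1

    # -x whole line, -F fixed string: do nothing if the key is already there.
    if grep -qxF -e "$key" "$auth"; then
        echo "key already present"
        return 0
    fi
    # If the file lacks a final newline, add one so keys do not run together.
    if [ -s "$auth" ] && [ -n "$(tail -c 1 "$auth")" ]; then
        printf '\n' >> "$auth"
    fi
    printf '%s\n' "$key" >> "$auth" && echo "key added"
}
```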
To copy the public key to the clipboard for pasting, you can use the following command (pbcopy is a macOS utility):
cat ~/.ssh/id_rsa.pub | pbcopy