SSH without using password – ssh-keygen


Are you sick of ssh’ing into a server and having to type in your password? Yeah, me too.

Step 1 — Create Key

Run this from your source computer.

Option 1 — The most basic way

$ ssh-keygen

You can either press ENTER through the passphrase prompts or enter a passphrase for better security.

Note: Passphrase – Secret Used to Protect Keys. A passphrase is similar to a password, but is used for protecting encryption keys or authentication keys.

Example:

$ ssh-keygen
Generating public/private rsa key pair.
Enter file in which to save the key (/Users/user/.ssh/id_rsa):
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /Users/user/.ssh/id_rsa.
Your public key has been saved in /Users/user/.ssh/id_rsa.pub.
The key fingerprint is:
xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx user@computername
The key's randomart image is:
+--[ RSA xxxx]----+
| .. oo.o. . |
| .. .o.o |
| . . .... |
| . . ..o .o |
| o S + .+ |
| o .00E+ |
| . oo…o. |
| .+. o. |
| … |
+-----------------+

Option 2 — Specify your options

There are a lot more options (man ssh-keygen), but these are the ones I use the most.

  • -t = type
  • -b = bits
  • -C = comment
  • -f = filename

Example

$ ssh-keygen -t rsa -b 2048 -C "$(whoami)@$(hostname)-$(date '+%Y-%m-%d')" -f ~/.ssh/id_rsa_$(date '+%Y%m%d')

With the default file name, you should now have the two files id_rsa and id_rsa.pub in your ~/.ssh directory (the Option 2 example adds a date suffix to the file name).

$ cd ~/.ssh/
$ ls
id_rsa id_rsa.pub known_hosts

Step 2 — Copy public key (id_rsa.pub) to destination computer

You have two options

Option 1 — Push your key to the destination computer via ssh-copy-id from local → remote.

$ ssh-copy-id -i id_rsa.pub <REMOTE_HOST>

Note: ssh-copy-id appends the keys to the remote host’s ~/.ssh/authorized_keys file.

Option 2 — Manually update your authorized_keys file on the destination computer.

Copy your public key from your source computer.

$ cat ~/.ssh/id_rsa.pub

Paste the exact key within id_rsa.pub into your authorized_keys file on the destination computer.

$ ssh [REMOTE_HOST]
$ cd ~/.ssh/
$ vi authorized_keys

Step 3 — Add private key to authentication agent

The ssh-add command by default adds your ~/.ssh/id_rsa private key identity to the authentication agent.

$ ssh-add

You can also add other keys if you named them something other than id_rsa.

Example:

$ ssh-add ~/.ssh/id_rsa_itsmetommy

You can also remove a single key.

$ ssh-add -d [KEY_NAME]

Or remove all keys.

$ ssh-add -D

Or list all your keys that have been added to the authentication agent.

$ ssh-add -l

Step 4 — Add key(s) to ~/.zshrc or ~/.bash_profile

This is very helpful for when you reboot or open a new terminal and don’t want to have to add all your keys one-by-one.

$ vi ~/.zshrc OR vi ~/.bash_profile
ssh-add ~/.ssh/id_rsa
ssh-add ~/.ssh/id_rsa_itsmetommy

If you added a passphrase to your ssh key, you may want to take a look HERE for options.

Step 5 — SSH into your computer

Now try ssh’ing from your source computer into your destination computer.

Note: You will get a pop-up from your OS asking to enter your passphrase if you used one.

Troubleshooting

If SSH still doesn’t work, try fixing the permissions on the following directories and files.

$ chmod 700 ~/.ssh                 # 700 (drwx------)
$ chmod 600 ~/.ssh/config          # 600 (-rw-------)
$ chmod 600 ~/.ssh/known_hosts     # 600 (-rw-------)
$ chmod 600 ~/.ssh/authorized_keys # 600 (-rw-------)
$ chmod 600 ~/.ssh/id_rsa          # 600 (-rw-------)
$ chmod 644 ~/.ssh/id_rsa.pub      # 644 (-rw-r--r--)
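Before changing anything, it helps to see which paths actually deviate from the modes listed above. The script below is an added example, not part of the original post: it only reports mismatches and never changes permissions. The function names (mode_of, check_mode, audit_ssh_dir) are made up for illustration, and it goes slightly beyond the list above by checking every *.pub file and its matching private key, not just id_rsa.

```shell
#!/bin/sh
# Added example: audit an .ssh directory against the modes in the
# Troubleshooting list. Read-only: it reports, it never runs chmod.

# Print the octal mode of a path (GNU stat first, then BSD/macOS stat).
mode_of() {
    stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1"
}

# Compare one path against its expected mode; print a line on mismatch.
# Returns 0 if the path is missing or correct, 1 on mismatch.
check_mode() {
    path=$1 want=$2
    [ -e "$path" ] || return 0
    have=$(mode_of "$path")
    [ "$have" = "$want" ] && return 0
    printf 'MISMATCH %s is %s, expected %s\n' "$path" "$have" "$want"
    return 1
}

# audit_ssh_dir [DIR]: prints mismatches and returns how many were found
# (0 = clean). DIR defaults to ~/.ssh.
audit_ssh_dir() {
    dir=${1:-$HOME/.ssh}
    bad=0
    check_mode "$dir" 700 || bad=$((bad + 1))
    for f in config known_hosts authorized_keys; do
        check_mode "$dir/$f" 600 || bad=$((bad + 1))
    done
    # Every public key should be 644 and its matching private key 600.
    for pub in "$dir"/*.pub; do
        [ -e "$pub" ] || continue
        check_mode "$pub" 644 || bad=$((bad + 1))
        check_mode "${pub%.pub}" 600 || bad=$((bad + 1))
    done
    return "$bad"
}
```

Source the file and run audit_ssh_dir with no argument to check ~/.ssh on either the source or the destination computer; the exit status is the number of mismatches.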

Helpful Commands

Add/Remove/Change Passphrase

This is especially useful if you want to remove a passphrase from your SSH key.

$ ssh-keygen -p -f ~/.ssh/id_rsa

Check .pub fingerprint

$ ssh-keygen -l -f [KEY_NAME].pub

View public key based on private key

$ ssh-keygen -y -e -f [PRIVATE_KEY]

Compare Private to Public

$ ssh-keygen -y -e -f [PRIVATE_KEY]
$ cat [PUBLIC_KEY].pub
  • -y This option will read a private OpenSSH format file and print an OpenSSH public key to stdout.
  • -e This option will read a private or public OpenSSH key file and print to stdout the key in one of the formats specified by the -m option. The default export format is “RFC4716”. This option allows exporting OpenSSH keys for use by other programs, including several commercial SSH implementations.

Public Key Validate/Validation

$ ssh-keygen -l -f .ssh/id_rsa.pub

Example:

$ ssh-keygen -l -f id_rsa.pub
id_rsa is not a public key file.

View Public Key based on Private Key

This is helpful if you lose your public key, but still have your private key.

$ ssh-keygen -y -f [PRIVATE_KEY]

Convert Windows SSH Key to Regular Format

$ ssh-keygen -i -f id_rsa.pub > id_rsa_new.pub