Are you sick of ssh’ing into a server and having to type in your password? Yeah, me too.
Step 1) Create Key
Ran from your source computer
Option 1) The most basic way
I usually press ENTER through the passphrase part of it. You can enter in a password if you’d like.
Note: Passphrase – Secret Used to Protect Keys. A passphrase is similar to a password, but is used for protecting encryption keys or authentication keys.
$ ssh-keygen Generating public/private rsa key pair. Enter file in which to save the key (/Users/user/.ssh/id_rsa): Enter passphrase (empty for no passphrase): Enter same passphrase again: Your identification has been saved in /Users/user/.ssh/id_rsa. Your public key has been saved in /Users/user/.ssh/id_rsa.pub. The key fingerprint is: xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx user@computername The key's randomart image is: +--[ RSA xxxx]----+ | .. oo.o. . | | .. .o.o | | . . .... | | . . ..o .o | | o S + .+ | | o .00E+ | | . oo…o. | | .+. o. | | … | +-----------------+
Option 2) Specify your options
There are a lot more options (man ssh-keygen), but these are the ones I use the most.
- -t = type
- -b = bits
- -C = comment
- -f = filename
$ ssh-keygen -t rsa -b 2048 -C "$(whoami)@$(hostname)-$(date '+%Y-%m-%d')" -f ~/.ssh/id_rsa_$(date '+%Y%m%d')
You should now have the two files id_rsa and id_rsa.pub in your ~/.ssh directory.
$ cd ~/.ssh/ $ ls id_rsa id_rsa.pub known_hosts
Step 2) Copy public key (id_rsa.pub) to destination computer
You have two options
Option 1) Push your key to the destination computer via ssh-copy-id.
$ ssh-copy-id -i id_rsa.pub <REMOTE_HOST>
Note: ssh-copy-id appends the keys to the remote-host’s ~/.ssh/authorized_key file.
Option 2) Manually update your authorized_keys file on the destination computer.
Copy your public key from your source computer.
$ cat ~/.ssh/id_rsa.pub
Paste the exact key within id_rsa.pub into your authorized_keys file on the destination computer.
$ ssh <REMOTE_HOST> $ cd ~/.ssh/ $ vi authorized_keys
Step 3) Add private key to authentication agent
The ssh-add command by default adds your ~/.ssh/id_rsa private key identity to the authentication agent.
You can also add additional keys if you named it other than id_rsa.
$ ssh-add ~/.ssh/id_rsa_itsmetommy
You can also remove a single key.
$ ssh-add -d <KEY_NAME>
Or remove all keys.
$ ssh-add -d <KEY_NAME>
Or list all your keys that have been added to the authentication agent.
$ ssh-add -l
Step 4) Add key(s) to your .bash_profile
This is very helpful for when you reboot and don’t want to have to add all your keys one-by-one.
$ vi ~/.bash_profile $ ssh-add ~/.ssh/id_rsa $ ssh-add ~/.ssh/id_rsa_itsmetommy
If you added a passphrase to your ssh key, you may want to take a look at THIS SITE for options.
Step 5) SSH into your computer
Now try ssh’ing from your source computer into your destination computer.
Note: You will get a pop-up from your OS asking to enter your passphrase if you used one.
If SSHing still doesn’t work, try fixing the permissions on the following dir and file on the destination computer.
$ chmod 700 /home/<USERNAME>/.ssh $ chmod 600 /home/<USERNAME>/.ssh/authorized_keys
This is especially useful if you want to remove a passphrase from your SSH Key?
$ ssh-keygen -p -f ~/.ssh/id_rsa
Check .pub fingerprint
$ ssh-keygen -l -f <KEY_NAME>.pub
View public key based on private key
$ ssh-keygen -y -e -f <PRIVATE_KEY>
Compare Private to Public
$ ssh-keygen -y -e -f <PRIVATE_KEY> $ cat <PUBLIC_KEY>.pub
- -y This option will read a private OpenSSH format file and print an
OpenSSH public key to stdout.
- -e This option will read a private or public OpenSSH key file and print to stdout the key in one of the formats specified by the -m option. The default export format is “RFC4716”. This option allows exporting OpenSSH keys for use by other programs, including several commercial SSH implementations.
Public Key Validate/Validation
$ ssh-keygen -l -f .ssh/id_rsa.pub
$ ssh-keygen -l -f id_rsa.pub id_rsa is not a public key file.
View Public Key based on Private Key
This is helpful if you lose your public key, but still have your private key.
$ ssh-keygen -y -f <PRIVATE_KEY>
Convert Windows SSH Key to Regular Format
$ ssh-keygen -i -f id_rsa.pub > id_rsa_new.pub