Are you sick of ssh’ing into a server and having to type in your password? Yeah, me too.
Step 1 — Create Key
Run this on your source computer.
Option 1 — The most basic way
$ ssh-keygen
You can either press ENTER through the passphrase prompts or enter a passphrase for better security.
Note: Passphrase – Secret Used to Protect Keys. A passphrase is similar to a password, but is used for protecting encryption keys or authentication keys.
Example:
$ ssh-keygen
Generating public/private rsa key pair.
Enter file in which to save the key (/Users/user/.ssh/id_rsa):
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /Users/user/.ssh/id_rsa.
Your public key has been saved in /Users/user/.ssh/id_rsa.pub.
The key fingerprint is:
xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx user@computername
The key's randomart image is:
+--[ RSA xxxx]----+
| .. oo.o. . |
| .. .o.o |
| . . .... |
| . . ..o .o |
| o S + .+ |
| o .00E+ |
| . oo…o. |
| .+. o. |
| … |
+-----------------+
Option 2 — Specify your options
There are a lot more options (man ssh-keygen), but these are the ones I use the most.
- -t = type
- -b = bits
- -C = comment
- -f = filename
Example
$ ssh-keygen -t rsa -b 2048 -C "$(whoami)@$(hostname)-$(date '+%Y-%m-%d')" -f ~/.ssh/id_rsa_$(date '+%Y%m%d')
If you kept the default filename, you should now have the two files id_rsa and id_rsa.pub in your ~/.ssh directory. If you used -f, the two files carry the name you chose instead.
$ cd ~/.ssh/
$ ls
id_rsa id_rsa.pub known_hosts
Step 2 — Copy public key (id_rsa.pub) to destination computer
You have two options
Option 1 — Push your key to the destination computer via ssh-copy-id from local → remote.
$ ssh-copy-id -i id_rsa.pub <REMOTE_HOST>
Note: ssh-copy-id appends the keys to the remote host’s ~/.ssh/authorized_keys file.
Option 2 — Manually update your authorized_keys file on the destination computer.
Copy your public key from your source computer.
$ cat ~/.ssh/id_rsa.pub
Paste the exact key within id_rsa.pub into your authorized_keys file on the destination computer.
$ ssh [REMOTE_HOST]
$ cd ~/.ssh/
$ vi authorized_keys
Step 3 — Add private key to authentication agent
The ssh-add command by default adds your ~/.ssh/id_rsa private key identity to the authentication agent.
$ ssh-add
You can also add additional keys if you named them something other than id_rsa.
Example:
$ ssh-add ~/.ssh/id_rsa_itsmetommy
You can also remove a single key.
$ ssh-add -d [KEY_NAME]
Or remove all keys.
$ ssh-add -D
Or list all your keys that have been added to the authentication agent.
$ ssh-add -l
Step 4 — Add key(s) to ~/.zshrc or ~/.bash_profile
This is very helpful for when you reboot or open a new terminal and don’t want to have to add all your keys one-by-one.
$ vi ~/.zshrc OR vi ~/.bash_profile
ssh-add ~/.ssh/id_rsa
ssh-add ~/.ssh/id_rsa_itsmetommy
If you added a passphrase to your ssh key, you may want to take a look HERE for options.
Step 5 — SSH into your computer
Now try ssh’ing from your source computer into your destination computer.
Note: You will get a pop-up from your OS asking to enter your passphrase if you used one.
Troubleshooting
If SSH still doesn’t work, try fixing the permissions on the following directories and files.
$ chmod 700 ~/.ssh # 700 (drwx------)
$ chmod 600 ~/.ssh/config # 600 (-rw-------)
$ chmod 600 ~/.ssh/known_hosts # 600 (-rw-------)
$ chmod 600 ~/.ssh/authorized_keys # 600 (-rw-------)
$ chmod 600 ~/.ssh/id_rsa # 600 (-rw-------)
$ chmod 644 ~/.ssh/id_rsa.pub # 644 (-rw-r--r--)
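The chmod list above can be turned into a check that reports only the paths that are actually too open. This is an added example, not part of the original post; the function names (mode_of, check, audit_ssh_dir) are hypothetical, and the expected modes are the ones listed above, applied to every key pair found via its .pub file.

```shell
#!/bin/sh
# Added example: audit an ~/.ssh directory against the modes listed above.
# Usage: audit_ssh_dir [DIR]    (DIR defaults to ~/.ssh)

# Print the octal mode of a path (GNU stat first, then BSD/macOS stat).
mode_of() {
  stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1"
}

# Report a path whose mode has any permission bit outside the allowed mask.
# A stricter mode (e.g. 400 where 600 is allowed) is not reported.
check() {
  path=$1
  want=$2
  [ -e "$path" ] || return 0
  have=$(mode_of "$path")
  if [ $(( 0$have & ~0$want & 07777 )) -ne 0 ]; then
    echo "chmod $want $path   # currently $have"
    findings=$((findings + 1))
  fi
}

# Check the directory, the well-known files, and every key pair in it.
# Returns 0 when nothing is too permissive, 1 otherwise.
audit_ssh_dir() {
  dir=${1:-$HOME/.ssh}
  findings=0
  check "$dir" 700
  for f in config known_hosts authorized_keys; do
    check "$dir/$f" 600
  done
  # Each *.pub file is paired with a private key of the same name minus ".pub",
  # which also covers keys not named id_rsa (e.g. id_rsa_itsmetommy).
  for pub in "$dir"/*.pub; do
    [ -e "$pub" ] || continue
    check "$pub" 644
    check "${pub%.pub}" 600
  done
  [ "$findings" -eq 0 ]
}
```

Each line it prints is the chmod command that fixes that path, so the output can be reviewed and then run as-is.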
Helpful Commands
Add/Remove/Change Passphrase
This is especially useful if you want to remove a passphrase from your SSH key.
$ ssh-keygen -p -f ~/.ssh/id_rsa
Check .pub fingerprint
$ ssh-keygen -l -f [KEY_NAME].pub
View public key based on private key
$ ssh-keygen -y -e -f [PRIVATE_KEY]
Compare Private to Public
$ ssh-keygen -y -e -f [PRIVATE_KEY]
$ cat [PUBLIC_KEY].pub
- -y This option will read a private OpenSSH format file and print an OpenSSH public key to stdout.
- -e This option will read a private or public OpenSSH key file and print to stdout the key in one of the formats specified by the -m option. The default export format is “RFC4716”. This option allows exporting OpenSSH keys for use by other programs, including several commercial SSH implementations.
Public Key Validate/Validation
$ ssh-keygen -l -f .ssh/id_rsa.pub
Example:
$ ssh-keygen -l -f id_rsa.pub
id_rsa is not a public key file.
View Public Key based on Private Key
This is helpful if you lose your public key, but still have your private key.
$ ssh-keygen -y -f [PRIVATE_KEY]
Convert Windows SSH Key to Regular Format
$ ssh-keygen -i -f id_rsa.pub > id_rsa_new.pub