SSH without using password – ssh-keygen

Are you sick of ssh’ing into a server and having to type in your password? Yeah, me too.

Step 1) Create Key

Run this from your source computer.

Option 1) The most basic way

$ ssh-keygen

I usually press ENTER through the passphrase part of it. You can enter a passphrase if you’d like.

Note: Passphrase – the secret used to protect keys. A passphrase is similar to a password, but it protects encryption keys or authentication keys. With an empty passphrase, the private key is stored unencrypted on disk.

Example:

$ ssh-keygen
Generating public/private rsa key pair.
Enter file in which to save the key (/Users/user/.ssh/id_rsa):
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /Users/user/.ssh/id_rsa.
Your public key has been saved in /Users/user/.ssh/id_rsa.pub.
The key fingerprint is:
xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx user@computername
The key's randomart image is:
+--[ RSA xxxx]----+
| .. oo.o. . |
| .. .o.o |
| . . .... |
| . . ..o .o |
| o S + .+ |
| o .00E+ |
| . oo…o. |
| .+. o. |
| … |
+-----------------+

Option 2) Specify your options

There are a lot more options (man ssh-keygen), but these are the ones I use the most.

  • -t = type
  • -b = bits
  • -C = comment
  • -f = filename
$ ssh-keygen -t rsa -b 2048 -C "$(whoami)@$(hostname)-$(date '+%Y-%m-%d')" -f ~/.ssh/id_rsa_$(date '+%Y%m%d')

You should now have the two files id_rsa and id_rsa.pub in your ~/.ssh directory (or, if you used -f, the filename you chose and its .pub counterpart).

$ cd ~/.ssh/
$ ls
id_rsa id_rsa.pub known_hosts

Step 2) Copy public key (id_rsa.pub) to destination computer

You have two options

Option 1) Push your key to the destination computer via ssh-copy-id.

$ ssh-copy-id -i ~/.ssh/id_rsa.pub <REMOTE_HOST>

Note: ssh-copy-id appends the keys to the remote host’s ~/.ssh/authorized_keys file.

Option 2) Manually update your authorized_keys file on the destination computer.

Copy your public key from your source computer.

$ cat ~/.ssh/id_rsa.pub

Paste the exact key within id_rsa.pub into your authorized_keys file on the destination computer.

$ ssh <REMOTE_HOST>
$ cd ~/.ssh/
$ vi authorized_keys

Step 3) Add private key to authentication agent

The ssh-add command by default adds your ~/.ssh/id_rsa private key identity to the authentication agent.

$ ssh-add

You can also add keys that have a name other than id_rsa.

Example:

$ ssh-add ~/.ssh/id_rsa_itsmetommy

You can also remove a single key.

$ ssh-add -d <KEY_NAME>

Or remove all keys.

$ ssh-add -D

Or list all your keys that have been added to the authentication agent.

$ ssh-add -l

Step 4) Add key(s) to your .bash_profile

This is very helpful when you reboot and don’t want to add all your keys one by one. Open the file and add one ssh-add line per key.

$ vi ~/.bash_profile

ssh-add ~/.ssh/id_rsa
ssh-add ~/.ssh/id_rsa_itsmetommy

If you added a passphrase to your ssh key, you may want to take a look at THIS SITE for options.

Step 5) SSH into your computer

Now try ssh’ing from your source computer into your destination computer.

Note: You will get a pop-up from your OS asking to enter your passphrase if you used one.

Troubleshooting

If SSHing still doesn’t work, try fixing the permissions on the following dir and file on the destination computer.

$ chmod 700 /home/<USERNAME>/.ssh
$ chmod 600 /home/<USERNAME>/.ssh/authorized_keys

Helpful Commands

Add/Remove/Change Passphrase

This is especially useful if you want to remove a passphrase from your SSH key.

$ ssh-keygen -p -f ~/.ssh/id_rsa

Check .pub fingerprint

$ ssh-keygen -l -f <KEY_NAME>.pub

View public key based on private key

$ ssh-keygen -y -e -f <PRIVATE_KEY>

Compare Private to Public

$ ssh-keygen -y -e -f <PRIVATE_KEY>
$ cat <PUBLIC_KEY>.pub
  • -y This option will read a private OpenSSH format file and print an OpenSSH public key to stdout.
  • -e This option will read a private or public OpenSSH key file and print to stdout the key in one of the formats specified by the -m option. The default export format is “RFC4716”. This option allows exporting OpenSSH keys for use by other programs, including several commercial SSH implementations.

Public Key Validate/Validation

$ ssh-keygen -l -f .ssh/id_rsa.pub

Example:

$ ssh-keygen -l -f id_rsa.pub
id_rsa is not a public key file.

View Public Key based on Private Key

This is helpful if you lose your public key, but still have your private key.

$ ssh-keygen -y -f <PRIVATE_KEY>

Convert Windows SSH Key to Regular Format

$ ssh-keygen -i -f id_rsa.pub > id_rsa_new.pub