SSH OpenSSH Keys

Generating RSA Keys
The first step involves creating a set of RSA keys for use in authentication.
This should be done on the client.
To create your public and private SSH keys on the command-line:

mkdir -p ~/.ssh
chmod 700 ~/.ssh
ssh-keygen -t rsa

By default, the private key is stored in a file called id_rsa and the public key in a file called id_rsa.pub. It is the public key (id_rsa.pub) that you send to other servers; the private key stays on the client.

Transfer Client public key to Host
The key you need to transfer to the host is the public one. If you can log in to a computer over SSH using a password, you can transfer your RSA key by doing the following from your own computer:

ssh-copy-id <username>@<host>

Log in to your host
Log in to your host as usual; you should be prompted for your passphrase. After that the next connection will be made based on your private key.

If the host is configured to accept only public key authentication, ssh-copy-id cannot log in with a password, so you have to allow password logins for a while (or copy the key to the server via another account).

To temporarily allow password authentication, edit your /etc/ssh/sshd_config file and set the value for PasswordAuthentication to yes.

Run ssh-copy-id, then reset the PasswordAuthentication value in your sshd_config.

Troubleshooting

If no connection can be made, check the SSH log at

/var/log/auth.log

When you encounter something like

Authentication refused: bad ownership or modes for directory /root

Try changing your home folder permissions:

chmod go-w ~/
chmod 700 ~/.ssh
chmod 600 ~/.ssh/authorized_keys
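
The refusal shown above comes from sshd's StrictModes check, which rejects a key when the home directory, ~/.ssh or authorized_keys is writable by group or others, or is owned by someone other than the account or root. The function below is an added example, not part of the original page: it reports which of those paths would trip the check. It assumes the default ~/.ssh/authorized_keys location and that it runs as the account being checked; check_ssh_perms is a name made up for this example.

```shell
#!/bin/sh
# Added example: pre-check the paths that sshd's StrictModes test inspects
# before it accepts a key from ~/.ssh/authorized_keys.
# Assumptions: default AuthorizedKeysFile location; run as the account
# whose login is being refused.
#
# Usage: check_ssh_perms "$HOME"
# Prints one line per problem; the return status is the number of problems.
check_ssh_perms() {
    home=$1
    problems=0
    for p in "$home" "$home/.ssh" "$home/.ssh/authorized_keys"; do
        if [ ! -e "$p" ]; then
            echo "missing: $p"
            problems=$((problems + 1))
            continue
        fi
        # Group- or other-writable paths cause "bad ownership or modes".
        if [ -n "$(find "$p" -prune \( -perm -020 -o -perm -002 \) -print)" ]; then
            echo "group/other writable: $p"
            problems=$((problems + 1))
        fi
        # The path must belong to the account itself or to root (uid 0).
        if [ -n "$(find "$p" -prune ! -user "$(id -u)" ! -user 0 -print)" ]; then
            echo "wrong owner: $p"
            problems=$((problems + 1))
        fi
    done
    return "$problems"
}
```

A return status of 0 means none of the three paths would be rejected on permission grounds; any reported path is fixed with the chmod commands above.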