Overview

An SSH key will let you automatically log into your server from one particular computer without needing to enter your password. This is convenient if you make frequent SSH and scp connections to your server.

Results

You will create an SSH key on your computer, and then configure your server to accept it. This will allow you to automatically log into your server from this computer, without being prompted for your password.

Requirements

• SSH configured for a user on your server:
  • Connecting via SSH to your server
• SSH on your local computer: this walkthrough is for Linux/Unix computers, including Mac OS X. See the note at the end of this article for extended PuTTY instructions (for Windows computers).
• A previous SSH connection made from this computer. If you haven't ever used this computer to log into another server with SSH, please do so now. A simple login will suffice to generate the correct files on your local computer. See the previous links for instructions.

Instructions

1. This step is run on your remote server. Log into your server via SSH with your desired SSH user - root or a domain user - and execute the following command:

   
   mkdir ~/.ssh
   

2. This step is run on your local computer. Generate a key on your local computer, using strong encryption:

   
   ssh-keygen -t rsa -b 2048 -f ~/.ssh/id_rsa -C "Enter an optional comment about your key"
   

   You should receive a prompt similar to the following. Please use a strong password. If you plan on using your key for automated tasks that don't require interaction, such as rsync, you might want to leave this blank:

   
   Enter passphrase (empty for no passphrase)
   

   Once you have entered your password twice, you should see output similar to:

   
   Your identification has been saved in /Users/username/.ssh/id_rsa.
   Your public key has been saved in /Users/username/.ssh/id_rsa.pub.
   The key fingerprint is:
   60:b5:c1:b7:ee:ab:31:d1:70:d8:03:41:df:0f:08:eb Enter an optional comment about your key
   The key's randomart image is:
   +--[ RSA 2048]----+
   |     .=.         |
   |     . B o       |
   |      X B o      |
   |     o X o o     |
   |      E S   .    |
   |       o         |
   |      o .        |
   |       +         |
   |      ..o.       |
   +-----------------+
   

3. This step is run on your local computer. Make sure your .ssh directory and the files it contains have the correct permissions:

   
   chmod 700 ~/.ssh && chmod 600 ~/.ssh/*
   

4. This step is run on your local computer. Upload your public key to your server. The command below reads the content of the key you just created on your computer, and appends that key to the authorized_keys file on your server. If you don't have an existing authorized_keys file, it creates one. Replace example.com with your domain:

   
   cat ~/.ssh/id_rsa.pub | ssh root@example.com 'cat - >> ~/.ssh/authorized_keys'
   

5. This step is run on your remote server. Make sure your .ssh directory on the server, and the files it contains, have the correct permissions:

   
   chmod 600 ~/.ssh/authorized_keys && chmod 700 ~/.ssh/
   

That's it! You should now be able to log into your server from this computer without being prompted for a password.

Troubleshooting

On your remote server, run the following:

ls -la ~/.ssh | grep "authorized_keys"

You should see output similar to the following:

-rw-------  1 example.com example.com 398 Jul 15 10:32 authorized_keys

Note that the directory needs to include the file called "authorized_keys" with -rw------- (600) permissions.

Finally, run this command to check the permissions on your .ssh directory:

ls -la ~ | grep ".ssh"

drwx------   2 example.com example.com     3 Jul 15 10:32 .ssh

You should have a folder called ".ssh" with drwx------ (700) permissions.

If for either of these tests, you get blank output, or a message similar to the following:

ls: /root/.ssh: No such file or directory

Please repeat Steps 1 and 4-5 above.

Resources

• You can also make an ssh key for PuTTY.
• For more information on OpenSSH and the ssh-keygen command, please see the OpenSSH website.