π 2016-Jan-20 ⬩ βοΈ Ashwin Nanjappa ⬩ π·οΈ ssh ⬩ π Archive
Normally when you SSH into a computer, you need to provide a username and it will prompt you for your password, like this:
$ ssh joe@server_machine
joe@server_machine's password:
By generating a public-private key pair on the local machine and sharing the public key with a remote machine, you can SSH to the remote machine without providing a login or being prompted for a password.
After this setup is done, you will operate like this:
$ ssh server_machine
$ That is it! You are logged in without login or password!
To set this up:
$ ssh-keygen -t ed25519 -C "your_email@example.com"
Here ed25519
is a key type. Other supported key types are rsa
, dsa
and ecdsa
. It is recommended to use only ed25519
or rsa
.
The above command generates a public key in ~/.ssh/id_ed25519.pub
and its corresponding private key in ~/.ssh/id_25519
file. If you use a different key type, the file suffix would correspondingly be different.
~/.ssh/authorized_keys
file. Instead of doing this manually, it is recommended to use the ssh-copy-id
tool for this:$ ssh-copy-id remote_machine
If there is no ~/.ssh/authorized_keys
file on the remote machine, this script will create it for you. If the file exists, your public key from local machine will be appended to the existing file.
If you have more than one public-private keys on your local machine, the ssh-copy-id
might use the wrong one. In such cases, point out the right file using the -i
option:
$ ssh-copy-id -i ~/.ssh/foobar_id_ed25519.pub remote_machine
Make sure that the permissions of the .ssh
directory is -rwx------
and of the .ssh/authorized_keys
file is -rw-------
. Otherwise SSH will determine that the keys are not safe and you will still get asked for your password.
That is it, you can now SSH directly to this server machine.
Reference: Arabesque: Linux Crypto - SSH Keys
Tried with: Ubuntu 22.04