Normally when you SSH into a computer, you need to provide a username and it will prompt you for your password, like this:
$ ssh joe@server_machine
joe@server_machine's password:
By generating a public-private key pair on the local machine and sharing the public key with a remote machine, you can SSH to the remote machine without providing a login or being prompted for a password.
After this setup is done, you will operate like this:
$ ssh server_machine
$ That is it! You are logged in without login or password!
To set this up:
$ ssh-keygen -t rsa -b 4096 -C "your_email@example.com"
This generates a public key in ~/.ssh/id_rsa.pub
and its corresponding private key in ~/.ssh/id_rsa
file.
~/.ssh/authorized_keys
file on the remote computer you are logging to. You can do this manually. However, the ssh-copy-id
script does this for you. To do this use this command:$ ssh-copy-id remote_machine
If there is no ~/.ssh/authorized_keys
file on the remote machine, this script will create it for you. If the file exists, your public key from local machine will be appended to the existing file.
If you have more than one public-private keys on your local machine, the ssh-copy-id
might use the wrong one. In such cases, point out the right file using the -i
option:
$ ssh-copy-id -i ~/.ssh/foobar_id_rsa.pub remote_machine
Make sure that the permissions of the .ssh
directory is -rwx------
and of the .ssh/authorized_keys
file is -rw-------
. Otherwise SSH will determine that the keys are not safe and you will still get asked for your password.
That is it, you can now SSH directly to this server machine.
Reference: Arabesque: Linux Crypto - SSH Keys
Tried with: Ubuntu 14.04