Linux — SSH Key Based Authentication

There are many articles and tutorials out there on how to configure SSH to use public key authentication. I wanted to share my findings on the subject and identify some interesting connections I made when setting it up myself. The following instructions will show you how to set up SSH key based authentication, using Ubuntu 12.04, on a local and a remote machine.

Local Machine:

    1. Start on the local machine. Log in on the local machine as the user you will be using to initiate the SSH connection. NOTICE: This does not have to be the same user as on the remote machine. For example, I’m using my local laptop with user name “jim”, and the remote machine user will be “serveruser”.
    2. Open a command prompt and ensure that you have ssh installed on the local machine.
      sudo apt-get install ssh
    3. Next, we need to generate an SSH key pair for this user on this local machine.
      ssh-keygen -t rsa -b 4096

      I chose to use the RSA algorithm with a key size of 4096 bits. I think 2048 bits is the default if not specified. You will receive a couple of prompts; I chose not to use a passphrase. You can use one for even more security. Just remember that if you do use a passphrase you will have to type it in every time you invoke an SSH connection to the remote machine. A passphrase is useful for sharing your keys with other users, because if anyone else has your public key they will be able to log in impersonating the user you created the key with on the remote machine.

    4. Next, we need to open up the id_rsa.pub file that was created by the ssh-keygen program on the local machine. If you are using Ubuntu it should be located in the .ssh/ folder of the user’s home folder. Go ahead and open it up:
      less /home/jim/.ssh/id_rsa.pub

      Copy this entire string starting with “ssh-rsa” and ending with user@computername

Now for the remote machine side.

  1. Log in to the remote machine with the username that you want to use the SSH key authentication with. For example, the username on the remote machine I am using is “serveruser”.
    ssh serveruser@myserver 
    {password}
  2. Use vi to open the .ssh/authorized_keys file.
    vi /home/serveruser/.ssh/authorized_keys

    In here, paste the “ssh-rsa” public key you copied in step 4 into the authorized_keys file. You can put as many “ssh-rsa” public keys as you want from different computers that you might have. For example, I have a laptop and a desktop, so my remote machine has two (2) “ssh-rsa” keys in it, one from each machine, allowing me to automatically log in with key authentication from both.

  3. Save the authorized_keys file and test from the local machine. You should now be able to use key authentication and not enter a password (unless your key is passphrase protected).

Congrats!
Now let’s go over a few things. We can see that in order to get SSH key authentication to work we simply need to generate an SSH key pair on our local machine via the ssh-keygen program, then grab the local machine’s public key (id_rsa.pub) and copy it into our remote machine’s authorized_keys file.

So it doesn’t matter what the local machine username is; the remote machine username you log in as depends on which remote user’s home directory holds the authorized_keys file where you placed the local user’s id_rsa.pub key.
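
The remote-side steps above (paste the public key into authorized_keys and save), as an added shell example that is not part of the original article. It appends the key only once, refuses a private key file (only id_rsa.pub is ever copied; id_rsa stays on the local machine), and sets the permissions sshd expects. The function name install_pubkey and the key line in the demo are constructed for illustration, and only the three key types listed in the case statement are accepted.

```shell
#!/bin/sh
# Added example: append one public key line to a user's authorized_keys.
# install_pubkey is a hypothetical helper name, not an OpenSSH tool.
install_pubkey() {
    pubfile=$1    # copy of id_rsa.pub brought over from the local machine
    home=$2       # remote user's home directory, e.g. /home/serveruser
    sshdir=$home/.ssh
    auth=$sshdir/authorized_keys

    # Use the first non-empty line of the file.
    key=$(grep -v '^[[:space:]]*$' "$pubfile" | head -n 1)
    # A public key line is "<type> <base64> [comment]". Refuse anything else,
    # in particular a private key ("-----BEGIN ... PRIVATE KEY-----").
    case $key in
        ssh-rsa\ AAAA*|ssh-ed25519\ AAAA*|ecdsa-sha2-*\ AAAA*) ;;
        *) echo "not a public key line: $pubfile" >&2; return 1 ;;
    esac

    # With StrictModes (on by default) sshd rejects key files that other
    # users could modify, so keep .ssh at 700 and authorized_keys at 600.
    mkdir -p "$sshdir" && chmod 700 "$sshdir" || return 1
    touch "$auth" && chmod 600 "$auth" || return 1

    # Append only if the exact line is not already present (idempotent).
    if grep -qxF -- "$key" "$auth"; then
        echo "key already authorized"
    else
        printf '%s\n' "$key" >> "$auth"
        echo "key added"
    fi
}

# Demo with a constructed (not real) key line in a throwaway directory.
demo=$(mktemp -d)
echo 'ssh-rsa AAAAB3NzaC1yc2EXAMPLEONLY jim@laptop' > "$demo/id_rsa.pub"
install_pubkey "$demo/id_rsa.pub" "$demo/home/serveruser"   # adds the key
install_pubkey "$demo/id_rsa.pub" "$demo/home/serveruser"   # second run is a no-op
rm -rf "$demo"
```

OpenSSH also ships ssh-copy-id, which performs the same append from the local machine in one command.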