How to Manage RSA Keys for Automatic Login - newgeekorder/TechWiki GitHub Wiki

How to Use RSA Key for SSH Authentication

and log in to remote services without a password

RSA keys allow secure, authenticated remote access, file transfer, and command execution without having to remember a password for each individual host you connect to.

SSH Prerequisite

Before we start, make sure your computer has an SSH client installed and the remote Linux system has SSH installed and sshd running, with RSA authentication enabled (RSAAuthentication yes in /etc/ssh/sshd_config).

First, you will need to generate the local RSA key:

# ssh-keygen -t rsa

Generating public/private rsa key pair.

Enter file in which to save the key (/root/.ssh/id_rsa):

(It's safe to press Enter here, as /root/.ssh is the default and recommended directory to hold the RSA key file.)

Enter passphrase (empty for no passphrase):

Enter same passphrase again:

You have a choice here:

  • enter no passphrase and use this key for passwordless login
  • enter a passphrase, which you will then use on every server you upload the key to

Your identification has been saved in /root/.ssh/id_rsa.

Your public key has been saved in /root/.ssh/id_rsa.pub.

Once the public key has been generated, it's time to upload it to any Linux systems you usually log in to. It's recommended you use scp as the file transfer utility:

# scp .ssh/id_rsa.pub [email protected]:~

This command will copy the id_rsa.pub file to the $HOME directory on the remote host. For instance, if you used root as the username, the file will be found in the /root directory, and if you used a normal user, the file will be in the /home/that.user/ directory.

Next, connect to the remote host through SSH, with the username you used in the step above. RSA authentication won't be available just yet, so you'll have to use the old method to log in. Once you are connected, add the new public key to the file /root/.ssh/authorized_keys or /home/user/.ssh/authorized_keys. If the .ssh directory doesn't exist, create it.

# cd $HOME

# cat id_rsa.pub >> .ssh/authorized_keys

The two right angle brackets (>>) append the contents of the id_rsa.pub file to the authorized_keys file, so if the file already exists, you won't have to worry about the existing content being modified.

You are all set. To test the RSA authentication, initiate an SSH connection from your PC to one of the Linux systems:

# ssh [email protected]

If everything worked out well, you should either be asked for the passphrase (if you entered one) or be logged in directly. If you are prompted for the SSH password or get an error message, retry the above command with -v to turn verbose mode on, so you can track down and correct the problem.