SSH Private & Public Key Howto
January 6th, 2009
This is a very simple howto (for Linux/Mac users) on setting up SSH keys on both the client side and the server side. Using private and public keys for ssh, scp, and sftp is great for several reasons:
- You can give someone your public key to put on their server so you have access. I just did this the other night. As soon as I was done he simply removed my key - no passwords had to be shared.
- It allows for better security, so you don’t have someone trying to guess passwords and you don’t have to deal with someone who can’t remember the password and does the “sticky note with password on monitor” trick.
- If you choose not to use a passphrase on your keys, you can use them with automated processes that require using scp.
On the client:
```sh
mkdir -p ~/.ssh
chmod 700 ~/.ssh
# here you'll be asked to create a passphrase, optionally it can be left blank
ssh-keygen -q -f ~/.ssh/id_rsa -t rsa
scp ~/.ssh/id_rsa.pub yourserver.com:
```
On the server:
```sh
mkdir -p ~/.ssh
chmod 700 ~/.ssh
cat ~/id_rsa.pub >> ~/.ssh/authorized_keys
chmod 600 ~/.ssh/authorized_keys
rm -f ~/id_rsa.pub
```
Also you should note some important settings in your server’s sshd_config file:
```
# yes to allow priv/pub key auth
PubkeyAuthentication yes
# no to ONLY allow priv/pub key auth
PasswordAuthentication no
# no to ONLY allow priv/pub key auth
ChallengeResponseAuthentication no
```
If you make any changes to your sshd_config file, you’ll need to restart the SSH server.
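To confirm that a server actually ends up in the key-only state described above, the following added example (not part of the original post) checks the three sshd_config directives and the two permission settings from the howto. The function names are hypothetical, and it assumes a single config file with no Include files; parsing stops at the first Match block. sshd uses the first occurrence of a keyword, so an earlier line can silently override a later `PasswordAuthentication no`.

```shell
#!/bin/sh
# Added example (not from the original post): audit the key-only setup above.
# Function names are hypothetical. Match blocks and Include files are ignored.

# Print the effective value of KEYWORD: sshd uses the FIRST occurrence, and
# keyword names are case-insensitive. DEFAULT is printed when it is absent.
sshd_effective() {  # usage: sshd_effective FILE KEYWORD DEFAULT
  awk -v key="$2" -v def="$3" '
    { sub(/#.*/, "") }                      # strip comments
    tolower($1) == "match" { exit }         # stop at conditional blocks
    tolower($1) == tolower(key) { print tolower($2); found = 1; exit }
    END { if (!found) print def }
  ' "$1"
}

# Octal permission bits via GNU stat (Linux) or BSD stat (macOS).
mode_of() { stat -c %a "$1" 2>/dev/null || stat -f %Lp "$1" 2>/dev/null; }

check_directive() {  # usage: check_directive FILE KEYWORD WANT DEFAULT
  got=$(sshd_effective "$1" "$2" "$4")
  [ "$got" = "$3" ] && return 0
  echo "FAIL: $2 is '$got', howto wants '$3'"; return 1
}

check_mode() {  # usage: check_mode PATH WANT
  got=$(mode_of "$1") || got=missing
  [ "$got" = "$2" ] && return 0
  echo "FAIL: $1 has mode $got, howto wants $2"; return 1
}

# Returns 0 only if all three directives and both permissions match the howto.
audit_ssh_setup() {  # usage: audit_ssh_setup SSHD_CONFIG HOME_DIR
  bad=0
  check_directive "$1" PubkeyAuthentication yes yes || bad=1
  check_directive "$1" PasswordAuthentication no yes || bad=1
  check_directive "$1" ChallengeResponseAuthentication no yes || bad=1
  check_mode "$2/.ssh" 700 || bad=1
  check_mode "$2/.ssh/authorized_keys" 600 || bad=1
  return "$bad"
}

# Constructed demo: an earlier line re-enables passwords; key file is 644.
demo=$(mktemp -d)
mkdir -p "$demo/.ssh" && chmod 700 "$demo/.ssh"
: > "$demo/.ssh/authorized_keys" && chmod 644 "$demo/.ssh/authorized_keys"
printf '%s\n' 'PubkeyAuthentication yes' 'passwordauthentication yes' \
  'PasswordAuthentication no' 'ChallengeResponseAuthentication no' > "$demo/sshd_config"
audit_ssh_setup "$demo/sshd_config" "$demo" || echo "setup deviates from the howto"
rm -rf "$demo"
```

On a live server, `sshd -T` prints the effective configuration as sshd itself resolves it, which also covers Include files.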