04/07/2022

Securely using SSH public key Authentication to connect to Remote system

By snorlaxprime

If you manage multiple servers over SSH like me, and don’t want to have to remember all the passwords or store them in cloud keychains, then SSH public and private key authentication might be the solution to your problem.

Step 1. Generate the RSA key pair in the client

On the client computer from which you are going to manage all the other servers, generate your public and private key pair using the following command:

ssh-keygen -t rsa

Make sure you enter a password/passphrase. This should be one that you can remember, and it will be used whenever you log in to any of the hosts once you have it all set up. Once you have created the RSA key pair you should have two files, ~/.ssh/id_rsa and ~/.ssh/id_rsa.pub. id_rsa is your private key and id_rsa.pub is your public key; the public key is the one that you will transfer to the host.

Step 2. Transfer your public key using sftp or scp.

In this example you are logging in as user bob to a host in the sky, bob@server.in.sky, so you will use the following command:

scp ~/.ssh/id_rsa.pub bob@server.in.sky:

You will need to enter the password for bob to get the file transferred to the host. The id_rsa.pub file should be transferred to the home folder of bob.

Step 3. Add your public key to the Host

Now log in to the host as bob using ssh. You will need to be able to access the host to add your public key to the authorized_keys file on the host. You can log in to the host using the ssh command as below:

ssh bob@server.in.sky

Once you are on the host you will need to add your public key (id_rsa.pub) to the ~/.ssh/authorized_keys file. You will have to make sure you can modify this file; if not, you might have to ask the host system admin to add your public key to the file. If you have admin access to the host you can use the following command:

cat ~/id_rsa.pub >> ~/.ssh/authorized_keys

Now you can safely delete your id_rsa.pub from the host, as it is no longer required.

Step 4. Login to the host

Now that you have done all this, you can test your login to the host with the following command, as per normal:

ssh bob@server.in.sky

You will be prompted to enter the password/passphrase that you entered when you created the RSA key pair back in step 1. You should be able to log in to the server now without any issue.

Bonus Step. Setting different private key files in the client

If you have different private keys for whatever reason, and you want to point to different private key files when you are logging in without having to type them into the command line all the time, you can set up the ~/.ssh/config file to point to different private keys for different hosts. Create or modify ~/.ssh/config on the client machine as follows:

vi ~/.ssh/config

Then enter the following for each variation of the private key to access the host.

Host server.in.sky
IdentityFile ~/.ssh/id_rsa

Now you can sit back and enjoy the convenience of logging into multiple hosts without compromising security.