Securely using SSH public key authentication to connect to a remote system
So if you are managing multiple servers using ssh like me, and don’t want to have to remember all the passwords or store them in cloud keychains, then SSH public and private key authentication might be the solution to your problem.
Step 1. Generate the RSA key pair in the client
On the client computer from which you are going to manage all the other servers, generate your public and private key pair using the following command:
ssh-keygen -t rsa
Make sure you enter a password/passphrase; choose one that you can remember, as it will be used whenever you log in to any of the hosts once you have it all set up. Once you have created the RSA key pair you should have two files, ~/.ssh/id_rsa and ~/.ssh/id_rsa.pub. id_rsa is your private key and id_rsa.pub is your public key; the public key is the one that you will transfer to the host.
Step 2. Transfer your public key using sftp or scp.
In this example you are logging in as user bob to a host in the sky, bob@server.in.sky, so you will use the following command:
scp ~/.ssh/id_rsa.pub bob@server.in.sky:
You will need to enter the password for bob to get the file transferred to the host. The id_rsa.pub file should be transferred to the home folder of bob.
Step 3. Add your public key to the Host
Now log in to the host as bob using ssh; you need to be able to access the host to add your public key to the authorized_keys file on the host. You can log in to the host using the ssh command as below:
ssh bob@server.in.sky
Once you are in the host you will need to add your public key (id_rsa.pub) to the ~/.ssh/authorized_keys file. You will have to make sure you can modify this file; if not, you might have to ask the host system admin to add your public key to the file. If you have admin access to the host you can use the following command:
cat ~/id_rsa.pub >> ~/.ssh/authorized_keys
Now you can safely delete your id_rsa.pub from the host, as it is no longer required.
Step 4. Login to the host
Now that you have done all this, you can test your login to the host with the following command as per normal:
ssh bob@server.in.sky
You will be prompted to enter the password/passphrase that you entered when creating the RSA key pair back in step 1. You should now be able to log in to the server without any issue.
Bonus Step. Setting different private key files in the client
If you have different private keys for whatever reason, and you want to point to different private key files when logging in without having to type them on the command line every time, you can set up the ~/.ssh/config file to point to different private keys for different hosts. Create or modify ~/.ssh/config on the client machine as follows:
vi ~/.ssh/config
Then enter the following for each variation of the private key to access the host.
Host server.in.sky
    IdentityFile ~/.ssh/id_rsa
Now you can sit back and enjoy the convenience of logging in to multiple hosts without compromising security.