Passwordless Remote Login with SSH keys
Feb 23rd
I log into my server several times a day through SSH. Sometimes, it gets a little frustrating trying to type that oh-so-secure random password every time. I’m a hunt’n’peck typist, and typically get my password wrong a few times.
So, I’ve implemented an SSH key setup that I use to connect between machines.
Here’s how:
First things first, on your local box, create a public/private key pair:
$ ssh-keygen -t rsa -C thom
When you run that command, you will be prompted for a filename in which to save the key pair, and for an optional password (passphrase) for the key itself. I think the password negates the use of the key, and chose to leave it blank.
Now, cat out the public key. Mine is located at ~/.ssh/id_rsa.pub:
$ cat ~/.ssh/id_rsa.pub
Log into your remote server as you always have, but for (hopefully) the last time. Assuming you have already ssh’d into the box, there should be a .ssh/ directory in the remote user’s home directory. Paste your local public key into the ~/.ssh/authorized_keys file on the remote machine. Create the file if it doesn’t already exist.
Make sure that the authorized_keys file has permissions of 600. Issue the following commands to make sure:
$ chmod 600 ~/.ssh/authorized_keys
$ ls -l ~/.ssh/authorized_keys
Now, you need to make sure sshd is configured to allow for key-based entry. In the /etc/ssh/sshd_config file on your server, make sure the following options are set:
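# RSAAuthentication covers SSH protocol 1 only; current OpenSSH releases log it as a deprecated option.
RSAAuthentication yes
PubkeyAuthentication yes
AuthorizedKeysFile .ssh/authorized_keys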
I would recommend at this point also making sure that the option “PermitRootLogin no” is set, as allowing root SSH login is a pufickly hu-yooge! security risk!
Now that those options are in place, go ahead and restart sshd for your system. On Linux, issue this command as root:
# /etc/init.d/sshd restart
Now, if everything progressed according to plan, when you log in to the remote server, you should be greeted with a shell prompt, not a password prompt.
If you are still having problems, check your work. The .ssh directory’s file permissions should look similar to this:
$ ls -lh ~/.ssh
total 16K
-rw------- 1 thom thom 388 Jan 3 18:01 authorized_keys
-rw------- 1 thom thom 887 Jan 3 18:14 id_rsa
-rw-r--r-- 1 thom thom 230 Jan 3 18:14 id_rsa.pub
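The paste-and-chmod steps and the permission check above can also be scripted. This is an added example, not part of the original post: the function names are illustrative, and the mode tests assume sshd's default StrictModes behaviour plus the ssh client's refusal of private keys that other users can access.

```shell
# Added example, not from the original post. Function names are illustrative.
# Print a path's octal mode (GNU stat first, BSD stat as fallback).
mode_of() {
    stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1"
}

# Append the public key file $1 to $2/authorized_keys (default ~/.ssh),
# creating the directory as 700 and the file as 600, without duplicates.
install_pubkey() {
    pub=$1; dir=${2:-$HOME/.ssh}; auth=$dir/authorized_keys
    [ -s "$pub" ] || { echo "no public key at $pub" >&2; return 1; }
    mkdir -p "$dir" && chmod 700 "$dir" || return 1
    ( umask 077; touch "$auth" ) && chmod 600 "$auth" || return 1
    # -x whole line, -F fixed string: skip the append if the key is present.
    grep -qxF -- "$(cat "$pub")" "$auth" || cat "$pub" >> "$auth"
}

# Return 0 if the modes in directory $1 (default ~/.ssh) are acceptable,
# 1 otherwise, printing each problem found.
check_ssh_perms() {
    dir=${1:-$HOME/.ssh}; bad=0
    for p in "$dir" "$dir/authorized_keys"; do
        [ -e "$p" ] || continue
        m=$(mode_of "$p")
        # Assumption: sshd runs with StrictModes (its default) and ignores
        # authorized_keys when these paths are group- or world-writable.
        case $m in
            *[2367]?|*[2367]) echo "group/world-writable ($m): $p"; bad=1 ;;
        esac
    done
    for k in "$dir"/id_*; do
        case $k in *.pub) continue ;; esac
        [ -f "$k" ] || continue
        m=$(mode_of "$k")
        # The ssh client refuses private keys that group or others can access.
        case $m in
            *00|0) ;;
            *) echo "private key too open ($m): $k"; bad=1 ;;
        esac
    done
    return "$bad"
}
```

Run install_pubkey on the server against a copy of your id_rsa.pub, then check_ssh_perms on both machines before retrying the login.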
There you are! No more fumbling with passwords, and still just as secure as ever! Now, I would suggest creating an encrypted USB disk on which to back up your RSA keys.