This is definitively not the first post on the Internet about this, but I keep needing this and I think I really needed my own version of the post.
You are on your local machine (mine is a Mac) and I want to connect to a remote server (Ubuntu or CentOS in this scenario).
Let’s assume the remote host is called remotehost and you want to connect as remoteuser.
Generate a Pair of Authentication Keys
Open a terminal and generate a pair of authentication keys. Do not enter a passphrase.
$ ssh-keygen -t rsa Generating public/private rsa key pair. Enter file in which to save the key (/Users/jgp/.ssh/id_rsa): Enter passphrase (empty for no passphrase): Enter same passphrase again: Your identification has been saved in /Users/jgp/.ssh/id_rsa. Your public key has been saved in /Users/jgp/.ssh/id_rsa.pub. The key fingerprint is: 77:c3:79:a8:98:50:92:6b:5f:5b:43:68:a9:b3:59:6a jgp@Jean-Georgess-MacBook-Pro.local The key's randomart image is: +--[ RSA 2048]----+ | | | . | | o . | | + + o | | + S * X . | | . O B * + | | B o | | E= . | | .+ | +-----------------+
If you get:
$ ssh-keygen -t rsa Generating public/private rsa key pair. Enter file in which to save the key (/Users/jgp/.ssh/id_rsa): /Users/jgp/.ssh/id_rsa already exists. Overwrite (y/n)? n
It means you already have a set of keys and you do not want to erase them. Go directly to step 2.
Setup Remote Host
If nobody has done it before: now use ssh to create a directory ~/.ssh as user remoteuser on remotehost. (The directory may already exist, which is fine):
$ ssh remoteuser@remotehost mkdir -p .ssh remoteuser@remotehost's password:
Share your Public Key
Append your new public key to remoteuser@remotehost:.ssh/authorized_keys, to remoteuser@remotehost:.ssh/authorized_keys2, and enter tremoteuser’s password (twice).
$ cat ~/.ssh/id_rsa.pub | ssh remoteuser@remotehost 'cat >> .ssh/authorized_keys' remoteuser@remotehost's password:
$ cat ~/.ssh/id_rsa.pub | ssh remoteuser@remotehost 'cat >> .ssh/authorized_keys2' remoteuser@remotehost's password:
- On Centos, we need to have the keys in both authorized_keys and authorized_keys2 (it may work without the keys in authorized_keys, but this has not been tried).
- Change the permission of the remote .ssh directory to 700; this is on remotehost.
chmod 700 ~/.ssh
- Change the permissions of .ssh/authorized_keys2 to 640; this is on remotehost.
chmod 640 ~/.ssh/authorized_keys2
From now on you can log into remotehost as remoteuser from your local machine without password.
$ ssh remoteuser@remotehost
- SSH login without password, http://www.linuxproblem.org/art_9.html, Mathias Kettner.