There are a number of ways to configure authentication in Linux; you can even use Windows credentials. But generally, for SSH, I find it easier to just use a private key that is trusted on all my servers. This way I only need to know the password to use the key, and not the password for the account on the server.
The process involves owning a private key on your own client system. That can be a Linux system or Windows with PuTTY. Anything that can use the private key can log on to the Linux server without knowing the server's password.
You can use PuTTYgen on Windows to create a private key, but generally I tend to use a Linux system for this. However you do it, you need to be able to copy the public part of the key and put it into the
Creating a key pair in Linux
Run ssh-keygen and specify a password/passphrase for the private key. If you don't specify a password you'll be able to log on to the remote server without specifying one, which can be very handy if you need to connect an automated process without a password, but it also means that anyone who obtains a copy of the key file can log on as well. Let it store the keys under the default names id_rsa and id_rsa.pub. These are the private key and public key.
$ ssh-keygen
Generating public/private rsa key pair.
Enter file in which to save the key (/home/USER/.ssh/id_rsa):
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /home/USER/.ssh/id_rsa.
Your public key has been saved in /home/USER/.ssh/id_rsa.pub.
The key fingerprint is:
84:3d:86:74:d2:e3:95:06:a4:71:a6:61:cc:6c:e4:d6 USER@MACHINE
The key's randomart image is:
+---[RSA 2048]----+
| |
| . |
| . . |
| + . |
| . * B S |
|* .. O = |
|oO+E = |
|+* . |
|. |
+-----------------+
Getting the Remote Server to Trust your Key
Once you have these two files you just need to add the contents of your id_rsa.pub file to the remote server's ~/.ssh/authorized_keys file for the user account you want to log on as, e.g. root =
You may have more than one key in the file, which is why I say add yours to it. If you don't have a file then you can simply copy the id_rsa.pub file to create it. The user you want to log on as must have permission to the authorized_keys file, so if you create it make sure you allow them to read it.
I tend to copy the public key onto the remote server with scp, then log on to the remote server (using a traditional password logon) and add the key to the user's authorized_keys.
$ scp ~/.ssh/id_rsa.pub USERNAME@SERVER:~/mykey.pub
$ ssh USERNAME@SERVER
$ cat ~/mykey.pub >> ~/.ssh/authorized_keys
$ chown USERNAME ~/.ssh/authorized_keys
$ chmod 600 ~/.ssh/authorized_keys
Now you should be able to log out from the remote server (CTRL-D) and log on using your new private key.
$ ssh -i ~/.ssh/id_rsa USERNAME@SERVER
Use the password you specified for your private key and you should get connected.
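The server-side step above (append the key, then set the file mode), as an added shell example that is not from the original post. install_pubkey is a hypothetical helper name; beyond the manual steps it also creates ~/.ssh if it is missing, refuses a private key passed by mistake, and skips a key that is already listed.

```shell
# install_pubkey PUBKEY_FILE [SSH_DIR]   (hypothetical helper, added example)
# Run on the server as the account that should accept the key, e.g.:
#   install_pubkey ~/mykey.pub
install_pubkey() {
    pub=$1
    dir=${2:-$HOME/.ssh}
    auth=$dir/authorized_keys

    # A .pub file holds one key on one line; take the first non-empty line.
    key=$(sed -n '/[^[:space:]]/{p;q;}' "$pub") || return 1

    # Accept only "type base64 [comment]"; never append a private key.
    case $key in
        *"PRIVATE KEY"*)
            echo "refusing: $pub is a private key" >&2; return 1 ;;
        "ssh-rsa AAAA"*|"ssh-ed25519 AAAA"*|ecdsa-sha2-*" AAAA"*) ;;
        *)
            echo "refusing: $pub is not an OpenSSH public key" >&2; return 1 ;;
    esac

    # sshd's StrictModes (on by default) rejects key logins when ~/.ssh or
    # authorized_keys is writable by group or others, so set both modes.
    mkdir -p "$dir" && chmod 700 "$dir" || return 1
    touch "$auth" && chmod 600 "$auth" || return 1

    # Match on key type + base64 blob so a different comment is not a new key.
    blob=$(printf '%s\n' "$key" | awk '{print $1 " " $2}')
    if grep -qF -- "$blob" "$auth"; then
        echo "already present"
    else
        printf '%s\n' "$key" >> "$auth"
        echo "added"
    fi
}
```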
Making Things Easier
Rather than having to specify the identity file each time you use ssh, you can automate this by creating a ~/.ssh/config file with the following contents:
Host *
    IdentityFile ~/.ssh/id_rsa
    User root
This tells ssh to use the specified identity file and the user account root for any host you connect to. So a simple ssh SERVER is all that's required. It will automatically use the id_rsa file and the user root.
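You can expand on this if you connect to various hosts and the user account is different on some of them. Add more entries like the one below, placing them above the Host * block, because ssh uses the first value it finds for each setting:
Host printserver
    User printadmin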
This would be equivalent to:
$ ssh -i ~/.ssh/id_rsa printadmin@printserver
When all I actually type is:
$ ssh printserver