SSH With Public-key encryption

From docwiki
Revision as of 14:18, 23 March 2020 by Mond

Motivation

Typing your password all the time is tedious. There is also the risk that an intruder on the remote site reads your password. Finally, we also want to automate jobs so that they run without a password. SSH offers public-key based login, which is very useful for all of this.


How to use Public-Key login with your ssh connection

First, you need a pair of public and private keys. You can generate one with:

ssh-keygen

This creates two new files in the .ssh/ directory within your home directory, usually .ssh/id_rsa (the private key) and .ssh/id_rsa.pub (the public key).

It also asks you for a passphrase. The private key file is encrypted with this passphrase and can only be used with it, so choose a good, long phrase.

If you want a separate pair of keys for a special purpose, stored in different files, you can use:

ssh-keygen -f somefile

This creates somefile and somefile.pub, which hold the private and the public key respectively. Technically, an empty passphrase is allowed, but only do this if you know what you are doing. We will learn about that later.


Second, you need to install that key on the remote side. There you need a file .ssh/authorized_keys that contains the public parts of the keys that are allowed to log in, each one on its own line. That would look like this:

ssh-rsa AAAAB..
ssh-rsa AAAAC53....

You can copy it there manually (e.g. by first logging in with your password), or your provider may ask you to send your public key and install it there for you. Or you can use the ssh-copy-id script:

ssh-copy-id user@remotehost

Here user@remotehost is a placeholder for your account on the remote machine. The script first asks you for your password and then installs the default key, or any other key that you specify after the -i option.
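
The manual copy described above, as an added shell example that is not part of the original page: it appends one public key to authorized_keys, one key per line, without creating duplicates, and sets the directory and file permissions that sshd expects. The function name install_pubkey and the key line in the demo are assumptions made up for illustration; the key is constructed and not a real key.

```shell
#!/bin/sh
# Added example: install a public key into authorized_keys by hand.
# install_pubkey is a hypothetical helper name, not an OpenSSH tool.
install_pubkey() {
    pubfile=$1
    sshdir=${2:-"$HOME/.ssh"}
    auth="$sshdir/authorized_keys"

    # Never put the private half (somefile instead of somefile.pub) on a server.
    if grep -q 'PRIVATE KEY' "$pubfile"; then
        echo "refusing: $pubfile looks like a private key" >&2
        return 2
    fi

    # Take the first line that is neither blank nor a comment.
    keyline=$(grep -v -e '^#' -e '^[[:space:]]*$' "$pubfile" | head -n 1)
    case $keyline in
        ssh-rsa\ ?*|ssh-ed25519\ ?*|ecdsa-sha2-*\ ?*) ;;
        *) echo "refusing: no public key line in $pubfile" >&2; return 2 ;;
    esac

    # With StrictModes (the default) sshd ignores key files others could write to.
    mkdir -p "$sshdir" && chmod 700 "$sshdir" || return 1
    touch "$auth" && chmod 600 "$auth" || return 1

    # Key already present: do not add a duplicate line.
    if grep -qxF -e "$keyline" "$auth"; then
        return 0
    fi
    # One key per line: terminate an unfinished last line before appending.
    if [ -s "$auth" ] && [ -n "$(tail -c 1 "$auth")" ]; then
        echo >> "$auth"
    fi
    printf '%s\n' "$keyline" >> "$auth"
}

# Demo in a scratch directory with a constructed (not real) key line.
demo_dir=$(mktemp -d)
printf '%s\n' 'ssh-rsa AAAAB3NzaC1yc2E-CONSTRUCTED-NOT-A-REAL-KEY demo@example' \
    > "$demo_dir/somefile.pub"
install_pubkey "$demo_dir/somefile.pub" "$demo_dir/.ssh"
install_pubkey "$demo_dir/somefile.pub" "$demo_dir/.ssh"   # second run adds nothing
echo "keys installed: $(wc -l < "$demo_dir/.ssh/authorized_keys" | tr -d ' ')"
rm -rf "$demo_dir"
```

On the real remote account the call would be install_pubkey somefile.pub, which uses $HOME/.ssh by default.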