Sometimes you want the luxury of connecting to your Linux server without typing a password. One example is running a git server on your Linux machine: without keys, you have to enter the password every time you push your changes.
If you use an RSA public and private key pair, push and pull no longer need a password. Installing the RSA public and private keys doesn’t mean your security is compromised. It is even better than using a password to log in to your system.
There are two ways to create the key. One is the putty-keygen tool provided with the PuTTY software; the public key it generates has to be reformatted before you install it on your Linux system. The other is ssh-keygen, which comes with the git-bash installation on your client machine. If you are going to use PuTTY to communicate with the server, then the keys generated by PuTTY are good. But for my purpose, I’ll be using git-bash to communicate with my server, so I have to use the ssh-keygen that is supplied with the git-bash utility.
Generate Public Key/Private Key
- You can generate the key from the client machine that you are using to connect to the server.
- Each client will have its own key pair and it has to be added to the server.
- Public key is always one line.
- Remove any extra formatting (if you are using putty-keygen) and then add ssh-rsa in front of it
ssh-rsa qpw8eurllk0925092384204202934029342lkrjwlkrw0234
- If you use ssh-keygen then it will be in the correct format. Create the key as follows:
$ ssh-keygen -t rsa
- It will generate a public and private key pair. It is your choice whether to give the private key a passphrase. Adding a passphrase makes it even more secure. But for my application, to use it with the git server, I gave a blank passphrase (as I wanted to avoid typing the password every time I push/pull updates to/from the server).
Enable RSA authentication in the server
- Open /etc/sshd_config, verify that the following lines are present, and restart the SSH server:
RSAAuthentication yes
PubkeyAuthentication yes
ChallengeResponseAuthentication no
PasswordAuthentication no
AuthorizedKeysFile %h/.ssh/authorized_keys
Install the key in the server
- Now move this public key to the server using scp or any other method.
- If the .ssh folder does not exist in the home directory, create it.
- Make sure that you and only you own the folder (chmod 0700 on the folder).
- If the authorized_keys file is not there, create it and add the public key as follows:
touch authorized_keys
cat id_rsa.pub >> authorized_keys
chmod 0600 authorized_keys
- Now the public key is added to the authorized_keys list.
Setup private key in the client
SSH has a per-user configuration file called ‘~/.ssh/config’ (or you can make the setting global by editing /etc/ssh/ssh_config) that it can use to select your private keys based on the remote user name and remote host by using wildcards. Edit the config as follows:
IdentityFile ~/.ssh/ids/%h/%r/id_rsa
IdentityFile ~/.ssh/ids/%h/%r/id_dsa
instead of
IdentityFile ~/.ssh/id_rsa
IdentityFile ~/.ssh/id_dsa
The %h and %r wildcards take the host and the remote user from the user and hostname arguments of your SSH command. Consider this example command:
$ ssh remote_user@remote_hostname.example.com
From the example command, the SSH client would use the wildcards to seek the correct key to use:
~/.ssh/ids/remote_hostname.example.com/remote_user/
This means that if you had two private keys that you used to access two different servers, you would arrange them as follows. The first one is arranged as follows:
$ ls -l ~/.ssh/ids/remote.example.com/remote_user/
total 16
-rw------- 1 kelvin staff 668 Mar 24 20:09 id_rsa
-rw-r--r-- 1 kelvin staff 610 Mar 24 20:09 id_rsa.pub
$ ssh remote_user@remote.example.com
[remote_user@remote ~]$
Connect to the server as follows:
$ ssh -vvv user_name@server_name
The three v's in -vvv request three levels of debug information.