Are you sick of typing in passwords when sshing into systems or when transferring files with scp or sftp? Well, the good news is that there is an easier and safer way to do this with ssh keys.
Essentially you create a private key and a public key. You place the public key on the remote systems you log into and “unlock” them with your private key. The beauty is that you can have this happen in the background.
Create Your SSH Keys
First you need to set up some ssh keys. We are going to generate 1280 bit DSA key pairs which should be reasonably secure for the next few years. This is easy to do; just type:
ssh-keygen -t dsa -b 1280
You will be prompted to “Enter the file into which you want to save the key.” The default should be fine, so just hit enter.
Next you will be prompted for a passphrase. You have a decision to make here. If you enter a passphrase, you will need to type it every time you want to use your private key, i.e. every time you try to log onto a server. Leaving the passphrase blank avoids this; however, it makes your key less secure.
I recommend that you put in a passphrase, because in part 2 I am going to show you how to overcome this passphrase problem.
To quote the man page on creating a good passphrase,
“Good passphrases are 10-30 characters long, are not simple sentences or otherwise easily guessable (English prose has only 1-2 bits of entropy per character, and provides very bad passphrases), and contain a mix of upper and lowercase letters, numbers, and non-alphanumeric characters.”
If you choose not to use a passphrase, you can leave this blank and hit enter.
It should now display the key fingerprint. It is very important that you memorize this key… Just kidding. A little geek humor there, very little.
This will create a couple of files in /Users/<yourusername>/.ssh/ on an OS X box or, most likely, /home/<yourusername>/.ssh/ on a Linux/BSD box.
Transfer Your Key to the Server
On your local machine, change to the .ssh directory in your home directory and list the files. You should see a file named id_dsa.pub. This is the public key that will allow you to log onto the server without having to enter your password each time.
Now you need to copy this file to the server. You will do this with scp (secure copy):
scp id_dsa.pub <username>@<server>:~/.ssh
This performs a secure copy to the .ssh directory in your home directory (the “~” part is shorthand for the path to your home directory). This assumes that the .ssh directory already exists. If it doesn’t, log onto the server and create it first.
Set Up Your Authorized Keys File
Now log into the server again with ssh.
Enter your password for the last time (hopefully).
In the .ssh directory on the server, you should see the id_dsa.pub file that we copied over. Append it to your authorized keys file:
cat id_dsa.pub >> authorized_keys2
This will put your public key in the list of allowed keys. (Using “>” instead of “>>” would overwrite the destination file, instead of appending to it.)
Then log off the server to return to your local machine.
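The append step above, written as a shell function that can be re-run without duplicating the key; this is an added example, not part of the original post. It also creates the .ssh directory if it is missing and sets owner-only permissions, since sshd's StrictModes setting (on by default) rejects key files and directories that other users can write to. The function name install_pubkey is an assumption made for this example.

```shell
#!/bin/sh
# Added example (not from the original post): safe, repeatable version of
#   cat id_dsa.pub >> authorized_keys2
# Usage on the server: install_pubkey ~/.ssh/id_dsa.pub
# install_pubkey PUBKEY_FILE [SSH_DIR] [AUTH_FILE_NAME]
install_pubkey() {
    pub=$1
    dir=${2:-"$HOME/.ssh"}
    name=${3:-authorized_keys2}   # file name used on this page
    auth="$dir/$name"

    [ -r "$pub" ] || { echo "cannot read $pub" >&2; return 1; }

    # Never install a private key by mistake (id_dsa instead of id_dsa.pub).
    if grep -q 'PRIVATE KEY' "$pub"; then
        echo "$pub looks like a private key; refusing" >&2
        return 1
    fi

    # A public key file holds exactly one non-empty line.
    [ "$(grep -c . "$pub")" -eq 1 ] || {
        echo "expected exactly one key line in $pub" >&2
        return 1
    }
    key=$(grep . "$pub")

    # Create directory and file readable and writable by the owner only.
    (umask 077; mkdir -p "$dir" && touch "$auth") || return 1
    chmod 700 "$dir" && chmod 600 "$auth" || return 1

    # Append (>>) only when this exact line is not already listed.
    if grep -qxF -- "$key" "$auth"; then
        echo "key already present in $auth"
    else
        printf '%s\n' "$key" >> "$auth"
        echo "key added to $auth"
    fi
}
```
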
Verify Everything is Working
Now try to ssh into the server again.
This time you should not be prompted for a password and you should be logged into the server.
You can then log off again.