Secure Shell (SSH), besides standard password authentication, gives us the possibility to authenticate using private – public key relation. This allows us access remote systems without typing the password each time we want to connect and the connection is still secure. This method is based on generation of two keys: private key (kept private on our local host), public key (given to any remote host we want to connect to passwordless).
1. Generate private/public key pair on local host
Press ENTER when prompted for passphrase:
[tuxfixer@pinky ~]$ ssh-keygen Generating public/private rsa key pair. Enter file in which to save the key (/home/tuxfixer/.ssh/id_rsa): Created directory '/home/tuxfixer/.ssh'. Enter passphrase (empty for no passphrase): (press ENTER) Enter same passphrase again: (press ENTER) Your identification has been saved in /home/tuxfixer/.ssh/id_rsa. Your public key has been saved in /home/tuxfixer/.ssh/id_rsa.pub. The key fingerprint is: 7a:0d:94:b4:19:6f:54:c2:70:c6:0e:a4:33:ce:1f:4b tuxfixer@pinky The key's randomart image is: +--[ RSA 2048]----+ | .=+=.. | | o.Xo. | | + =oo | | o + .. | | o E | | + = | | . + . | | . | | | +-----------------+
2. Copy public key from local host to the destination remote host
[tuxfixer@pinky ~]$ ssh-copy-id -i /home/tuxfixer/.ssh/id_rsa.pub firstname.lastname@example.org The authenticity of host '192.168.2.26 (192.168.2.26)' can't be established. ECDSA key fingerprint is 51:74:c0:fb:7b:5d:6a:f4:13:ce:71:e8:e9:e1:2c:51. Are you sure you want to continue connecting (yes/no)? yes /usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed /usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys email@example.com's password: Number of key(s) added: 1 Now try logging into the machine, with: "ssh 'firstname.lastname@example.org'" and check to make sure that only the key(s) you wanted were added.
3. Test passwordless connection
You shouldn’t be prompted for password anymore:
[tuxfixer@pinky ~]$ ssh email@example.com Last login: Thu Oct 8 01:06:02 2015 from 192.168.2.9 [tuxfixer@elmo ~]$