To log in to a remote server, you can use your username and password. This is the obvious method and it is used frequently. Sometimes, however, you want to be able to access your server without a password – I do this a lot when working with automation-related tasks such as backups or tunnels. Public key authentication is the tool that can help you. Long story short – you will generate a public and private key pair. The private key will be stored on your source computer (the one that initiates the connection); the public key will be copied to the computer or computers you want to connect to. Please note that whoever possesses your private key will be able to log in to all computers you placed your public key on – keep your keys safe.
Here is how you can create a passwordless connection between two computers – let’s name them linuxHome and linuxRemote. Of course, you can perform the same operation in both directions if you want to.
Create an SSH key
You should use the ssh-keygen command to create your SSH key. First, log in to your linuxHome computer with the account you want to use for passwordless communication. Once logged in, execute the command:
You will be asked for the file name (you can simply press Enter), and the passphrase (you should leave this empty). An empty passphrase means the private key is stored unencrypted on disk, which is what lets unattended jobs use it, so the file's permissions are its only protection. In the default configuration, your private key is saved in the /home/myAccount/.ssh/id_rsa file. The public key is stored in the /home/myAccount/.ssh/id_rsa.pub file. Of course, myAccount is replaced with the actual name of the user you logged in as.
Copy the SSH public key to the destination host
Nowadays the easiest way to copy your public key to the linuxRemote host is to use this command:
myAccount@linuxHome$ ssh-copy-id otherAccount@linuxRemote
The tool will connect to the remote host and ask you for the password of otherAccount@linuxRemote. This is hopefully the last time you will need to use it.
Testing your connection
You should now be able to connect to your remote host without a password. Try running the following command:
myAccount@linuxHome$ ssh otherAccount@linuxRemote
If there are no issues, you should be connected and you should not see the prompt for the password.
What if there is no ssh-copy-id on my source host?
On some older computers, there is no ssh-copy-id. In that case, you can copy your public key using ssh itself. First, we need to create the .ssh directory on linuxRemote:
myAccount@linuxHome$ ssh otherAccount@linuxRemote mkdir -p .ssh
Once the directory is created, we can copy the public key:
myAccount@linuxHome$ cat ~/.ssh/id_rsa.pub | ssh otherAccount@linuxRemote 'cat >> .ssh/authorized_keys'
From now on, you should be good to go.
Behind the scenes
As you can see from the above example, the public key is stored in the .ssh/authorized_keys file on the remote host. This file can store multiple keys (for example, if you want to connect to the same account from different source accounts). This means that you should be careful when adding new keys to the file. ssh-copy-id takes care of this on its own. When using the manual ssh method, make sure that you use ‘>>’ after cat – this appends to the file instead of replacing its contents.
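What a careful append to authorized_keys looks like, as an added example that is not from the original article: the hypothetical helper add_authorized_key takes a public key file and a home directory (point it at a scratch directory to try it), sets the permissions sshd expects, and appends the key only if it is not already there.

```shell
#!/bin/sh
# Added example, not part of the original article.
# add_authorized_key is a hypothetical helper name.
#
# usage:   add_authorized_key PUBKEY_FILE TARGET_HOME
# returns: 0 = key added, 1 = key already present, 2 = input rejected
add_authorized_key() {
    pub=$1
    sshdir=$2/.ssh
    auth=$sshdir/authorized_keys

    [ -r "$pub" ] || return 2
    # Refuse anything that looks like a private key: only the .pub file
    # should ever leave the source computer.
    if grep -q 'PRIVATE KEY' "$pub"; then
        return 2
    fi
    # A public key line is "type base64-blob [comment]"; take the first one.
    line=$(grep -v '^[[:space:]]*$' "$pub" | head -n 1)
    blob=$(printf '%s\n' "$line" | awk '{print $2}')
    [ -n "$blob" ] || return 2

    # With StrictModes (the sshd default) the key file is refused if it or
    # its directory is writable by group or others, so set modes explicitly.
    mkdir -p "$sshdir" && chmod 700 "$sshdir" || return 2
    touch "$auth" && chmod 600 "$auth" || return 2

    # Compare on the base64 blob so a different comment is not a "new" key.
    if grep -qF -- "$blob" "$auth"; then
        return 1
    fi
    # '>>' appends; a single '>' would wipe every other key in the file.
    printf '%s\n' "$line" >> "$auth"
    return 0
}
```

Run on linuxRemote as otherAccount, the second argument would be "$HOME".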
When an SSH connection is made, the public/private key authentication method is tried first. If it fails, you will be asked for the password. If you want to debug your SSH connection, you can simply use:
myAccount@linuxHome$ ssh otherAccount@linuxRemote -v
This command displays verbose output of the SSH communication process so that you can spot potential errors.