Public key authentication over SSH

Public key authentication over SSH

by Zenon Harley

With most secure shell (SSH) platforms, a user can authenticate with either a password or a public key. This is a brief demonstration establishing public key authentication with OpenSSH.

Sending your public key

On you local machine, you should be able to log in to your server with a password. The following should issue a command on the server, proving that your password authentication works.

ssh user@server.com 'echo "It works!"'

In your home directory, there should be a subdirectory called .ssh which may contain either id_dsa.pub or id_rsa.pub (which is your public key). If neither such file is present, you need to generate a key. The following generates a dsa key (see Digital Signature Algorithm and RSA for algorithm details).

ssh-keygen -t dsa

Select the default location (something like .ssh/id_dsa) and provide a passphrase if you wish. Now it should be possible to view the contents of your public key (substituting rsa for dsa if necessary).

cat ~/.ssh/id_dsa.pub

Finally, with the following command, you will append your public key to the server's list of authorized keys (again, substituting rsa for dsa, if required).

ssh user@server.com "echo '`cat ~/.ssh/id_dsa.pub`' >> ~/.ssh/authorized_keys"

If this was successful, the following command will no longer require a password.

ssh user@server.com 'echo "It works!"'

If this doesn't work, you may wish to consult a more detailed but equivalent explanation.

Disclaimer

Use of any software or documentation on this page indicates your acceptance of our MIT-style license.

Skythink Solutions | Public pages are offered under the MIT license | Site revised - July 2010