I won't talk about how public keys work. If you don't know it yet, you could learn more here. The point is, I use Public Key Authentication (PKA) very often, on all types of OS, to connect to a large variety of hosts. So here are my preferred ways to set it up.
On Unix / Linux / Mac OS X with OpenSSH
Generate your key pair with:
ssh-keygen -t rsa -b 4096 -C "sergei@MacBookPro"
Argument -t specifies the type of key you're creating (go with RSA), -b is the key size in bits (I'm doubling the default value here), -C adds a comment to the public key (now it's easy to ID my key on the remote host).
After some time you'll be prompted for the key's name / location and the passphrase. Make the phrase a long one if you want good security; it stops bad people from using your key. A sentence or two from a song / poem / story you like, with punctuation and capitalization, will make it more secure, and more memorable, than a randomly generated password.
In some special cases you can just hit "Enter" for a password-less key. Less secure, but very useful for some automated tasks.
By default, the private and public keys, id_rsa and id_rsa.pub respectively, should now be inside the .ssh directory in your current user's home directory.
Append the contents of your public key to the authorized_keys file in the remote host's .ssh directory with either:
cat ~/.ssh/id_rsa.pub | ssh user@remote.machine.com 'cat >> .ssh/authorized_keys'
or, if ssh-copy-id is available on your system, with:
ssh-copy-id user@remote.machine.com
On Windows with PuTTY
The puttygen.exe utility from the excellent PuTTY suite will allow you to generate private and public keys, keyname.ppk and keyname.pub. Note: PuTTY saves the public key in SSH-2 format, but it will also give you the OpenSSH format version. Run the utility and do the following:
- select "SSH-2 RSA" as type of key to generate
- enter 4096 in the "Number of bits in a generated key" field
- click "Generate" button
PuTTYgen will start generating your key. Move your mouse in a random manner over the blank area until the bar is full.
Now to finalize your key:
- enter your key comment
- enter your strong passphrase (or leave it empty if required)
- save a copy of your private and/or public key (in SSH-2 format) to some secure location
- Right click, "Select all" and copy your public key (in OpenSSH format) to append it to the authorized_keys file on the remote host
You can now configure a PuTTY session to use your private key, or load it automatically on start up with Pageant.
And done...
You should now be able to log into your remote machine using public key authentication.
Sometimes this won't work if your home directory, your .ssh directory, and other related files are group- or world-writable. If you're getting a "Permission denied (publickey)" error, try doing the following on your remote host:
chmod go-w ~/
chmod 700 ~/.ssh
chmod 600 ~/.ssh/authorized_keys
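The permission check described above, as an added example that is not part of the original post: a small POSIX sh audit that flags a group- or world-writable home directory, .ssh directory or authorized_keys file and prints the matching chmod from the post. The function names and output format are assumptions; with no argument it runs against a constructed throwaway directory, with an argument it audits that home directory.

```shell
#!/bin/sh
# Added example (not from the original post): audit the three paths the
# post fixes with chmod. Function names and output format are hypothetical.

# Succeeds if the path (symlinks followed) is group- or world-writable.
is_group_or_world_writable() {
    mode=$(ls -ldL "$1" 2>/dev/null | cut -c1-10)   # e.g. drwxrwxr-x
    case "$mode" in
        ?????w????|????????w?) return 0 ;;          # char 6 = group w, char 9 = other w
    esac
    return 1
}

# Reports one path; $2 is the chmod invocation the post recommends for it.
check_path() {
    if [ ! -e "$1" ]; then
        echo "MISSING   $1"; return 1
    elif is_group_or_world_writable "$1"; then
        echo "WRITABLE  $1  (fix: $2 $1)"; return 1
    fi
    echo "OK        $1"
}

# Audits the home directory given as $1; exit status = number of findings.
audit_ssh_perms() {
    findings=0
    check_path "$1" "chmod go-w"                     || findings=$((findings + 1))
    check_path "$1/.ssh" "chmod 700"                 || findings=$((findings + 1))
    check_path "$1/.ssh/authorized_keys" "chmod 600" || findings=$((findings + 1))
    return "$findings"
}

# Constructed sample: a throwaway "home" with deliberately loose modes,
# audited before and after applying the post's three chmod commands.
demo() {
    d=$(mktemp -d) && mkdir "$d/.ssh" && : > "$d/.ssh/authorized_keys"
    chmod 777 "$d"; chmod 775 "$d/.ssh"; chmod 666 "$d/.ssh/authorized_keys"
    audit_ssh_perms "$d" || echo "findings before fix: $?"
    chmod go-w "$d"; chmod 700 "$d/.ssh"; chmod 600 "$d/.ssh/authorized_keys"
    audit_ssh_perms "$d" && echo "clean after fix"
    rm -rf "$d"
}

# With an argument, audit that home directory; otherwise run the demo.
if [ $# -gt 0 ]; then audit_ssh_perms "$1"; else demo; fi
```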
For more information check out these helpful links: