My first step after installing a new Linux server is usually to set up SSH. I have set up key-based authentication a couple of times, but am still getting the hang of it.
If you run into any problems, see the additional explanation at the end of this post.
Here are the steps for a client using PuTTY on Windows and a server running CentOS.
- Run `ssh-keygen -t rsa`. This will create the private and public key files. Be sure to use the default file location.
- Run `cat ~/.ssh/id_rsa.pub >> ~/.ssh/authorized_keys`. This will append the new public key to the authorized_keys file.
- Use FileZilla with the SFTP protocol to transfer the id_rsa file to your PC.
- Open PuTTYgen and Load the new id_rsa file. Then click on "Save private key."
- Now you should be able to open PuTTY and set up the new connection using the new private key file that was saved from PuTTYgen in the Connection -> SSH -> Auth setting. You can also enter the username in the Connection -> Data setting.
Here are the steps to use if both the client and server are running Linux. These steps were prepared using an Ubuntu client and Ubuntu server.
- This time I am going to start on the client. First open a terminal and generate a key using `ssh-keygen -t rsa`. Again, be sure to leave the default file location.
- Next copy the public key file to the server using `scp ~/.ssh/id_rsa.pub server_name:~/`
- Now we need to ssh into the server to add the public key to the authorized_keys file. If you don't yet know how to ssh into your server, the command is `ssh server_name`. Since the key isn't set up yet, you will need to enter your password.
- The next step is to append the public key to the authorized_keys file. To do that, enter this command: `cat id_rsa.pub >> ~/.ssh/authorized_keys`
- Then delete the public key file and exit your ssh session: `rm ~/id_rsa.pub`, then `exit`
- That is it, you will now be able to initiate an SSH session by simply typing `ssh server_name`
Here are some general notes about SSH and assumptions that the steps above make.
- First of all I assume that you have SSH installed on your server. If you don't have SSH installed you will need to use your distro's tool for installing packages. On Ubuntu/Debian from a terminal run `sudo apt-get install ssh`
- Make sure that the ~/.ssh directory has the permission 700 and the ~/.ssh/authorized_keys file has permission 600. Then you might need to restart the sshd service. In CentOS this is done by running `/sbin/service sshd restart`. In Ubuntu the command is `sudo /etc/init.d/ssh restart`.
- The Linux instructions above assume that your username on the server is the same as the username on the client. If they are different, you will need to add the username to the server_name items above. So instead of "server_name", you will use "username@server_name". Of course you will use the appropriate username and server_name.
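The server-side append step and the permission note above can be combined into one repeatable function; this is an added example, not part of the original post, and the name `install_pubkey` and its arguments are hypothetical. It rejects anything that is not a single public key line, forces the 700/600 modes (with its default StrictModes setting, sshd refuses key files whose modes are too open), and appends the key only once.

```shell
#!/bin/sh
# Added example (not from the original post). The function name and its
# arguments are hypothetical: install_pubkey PUBKEY_FILE [HOME_DIR]
install_pubkey() {
    pub=$1
    home=${2:-$HOME}
    ssh_dir=$home/.ssh
    auth=$ssh_dir/authorized_keys

    [ -r "$pub" ] || { echo "cannot read $pub" >&2; return 1; }

    # A public key file from ssh-keygen is exactly one non-empty line that
    # starts with the key type. This also rejects a private key (id_rsa)
    # passed by mistake, since that file spans several lines.
    n=$(grep -c . "$pub" || true)
    [ "$n" -eq 1 ] || { echo "$pub: expected one key line, found $n" >&2; return 1; }
    key=$(grep . "$pub")
    case $key in
        ssh-*|ecdsa-*) ;;
        *) echo "$pub: not a public key line" >&2; return 1 ;;
    esac

    # Create the directory and file with a restrictive umask, then force the
    # modes from the notes above in case they already existed with looser ones.
    ( umask 077; mkdir -p "$ssh_dir" && touch "$auth" ) || return 1
    chmod 700 "$ssh_dir" || return 1
    chmod 600 "$auth" || return 1

    # Append only when this exact line is absent, so repeat runs add nothing.
    if ! grep -qxF -e "$key" "$auth"; then
        printf '%s\n' "$key" >> "$auth"
    fi
}

# Demo in a scratch directory with a constructed (fake) key line, so the real
# ~/.ssh is never touched.
demo_home=$(mktemp -d)
printf '%s\n' 'ssh-rsa AAAAB3NzaC1yc2EAAAADAQABconstructed user@client' > "$demo_home/id_rsa.pub"
install_pubkey "$demo_home/id_rsa.pub" "$demo_home"
install_pubkey "$demo_home/id_rsa.pub" "$demo_home"   # second run is a no-op
ls -ld "$demo_home/.ssh" "$demo_home/.ssh/authorized_keys"
rm -rf "$demo_home"
```

On the server, after the `scp` step, it would be called as `install_pubkey ~/id_rsa.pub`.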
Hopefully this post will help me to set up SSH more quickly next time. If it helps you also, that is even better.