SSH keys can be used to create a secure connection to a remote computer. In other words, they are an alternative to logging in using a password.
Keys come in pairs: a private key and a public key. The public key is meant to be shared; the private key should never be shared, obviously.
The steps for setting up SSH keys for authentication are simple:
- Find an existing SSH key pair or create a new one.
- Add the public key to the remote computer.
- Connect to the remote machine.
The rest of this article lists various methods of achieving these steps.
All following commands use username barry and IP address 220.127.116.11. Naturally, these should be replaced by your own username and the IP address or hostname of your choice.
Find an existing SSH key
Keys are generally stored in the .ssh folder in your home directory (on your local machine!). For me that would be
If that folder contains the files id_rsa and id_rsa.pub, you already have an existing key pair. Of these, id_rsa is the private key and id_rsa.pub is the public key.
Create a new SSH key
In case you don't have an existing SSH key pair, or if you want to overwrite these, run the following command:
$ ssh-keygen -t rsa
The command will ask you some questions:
- At what location do you want to save the keys? If you don't know, just use the default location.
- What passphrase (password) do you want to use? You can leave this blank if you don't want a passphrase. This makes automation easier but means you have to keep the private key absolutely private. Read "Do I need to have a passphrase for my SSH RSA key?" for more details.
Add an SSH key to a remote machine
/home/<username>/.ssh/authorized_keys contains all public keys that can be used to log in as that user. In order to authenticate ourselves, we will need to copy our public key to the authorized_keys of the user on the remote computer.
This can be done in 3 ways:
1. Manually add a public key to authorized keys
Get the contents of your public key id_rsa.pub (not the private key id_rsa). The contents should look similar to this:
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDTSqkjrM7jGLSOr6iRlJbtsLo9hbNkIWKuwqYTYxBOrhlkNranC6GZeuW0xXiQGHoa43PuU/WXrtD9DH7JjcfGiAF+2msdZNxw52qXQJCZ4qDIokzRK499ZJka9ug35qRagCGJbrXOV52b29mCMhcUyxGg5YwssrsGyW36Jx1+hhJsTWoaGBwh3CwDKRPMU/CVAe3NPjd1O/w8o3faenLepir2PgXSx5A5igcDJExfYnmReeGVKuUhfKtc0OPx6D8zyGbn5eGVO07DXhzPkUhk6OUcYXdfkpozMUOAOFC9zYbXHR4fOuQ3B9mjpDbUQZkeC9mhNMvYBRcsYZ1iQdqb username@hostname
Now, log in to the remote computer and edit /home/barry/.ssh/authorized_keys. Add the contents of your public key to the end of the file and save it.
2. Add a public key to the authorized_keys using bash
The above can also be achieved by executing the following command:
$ cat ~/.ssh/id_rsa.pub | ssh barry@220.127.116.11 "mkdir -p ~/.ssh && chmod 700 ~/.ssh && cat >> ~/.ssh/authorized_keys"
This command automates all the things we did before:
- First it gets the content of the public key (cat ~/.ssh/id_rsa.pub)
- Then it connects to the remote machine (ssh barry@220.127.116.11)
- Now that we have connected, it executes the rest of the command, which ensures that the .ssh directory exists and is readable and writable only by its owner before it appends the contents of the public key to the authorized keys ("mkdir -p ~/.ssh && chmod 700 ~/.ssh && cat >> ~/.ssh/authorized_keys")
3. Add a public key to authorized_keys using ssh-copy-id
The ssh-copy-id utility makes the process even simpler, but it is not installed on all machines. Just run the following command:
$ ssh-copy-id -i ~/.ssh/id_rsa.pub barry@220.127.116.11
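Methods 1 and 2 append whatever they are given and do not set the mode of authorized_keys itself. The shell function below is an added example, not part of the original article: run on the remote machine, it refuses a private key file, sets the permissions sshd expects, and skips a key that is already listed. The function name install_pubkey and its optional second argument (a home directory to install into) are assumptions made for the example.

```shell
#!/bin/sh
# Added example (not from the original article).
# install_pubkey PUBKEY_FILE [TARGET_HOME]
# TARGET_HOME is a hypothetical parameter; it defaults to $HOME and lets you
# try the function against a scratch directory first.
install_pubkey() {
    pub=$1
    home=${2:-$HOME}
    dir=$home/.ssh
    auth=$dir/authorized_keys

    [ -r "$pub" ] || { echo "cannot read $pub" >&2; return 1; }

    # A private key file carries a PEM header; never install one.
    if grep -q -e '-----BEGIN .*PRIVATE KEY-----' "$pub"; then
        echo "$pub looks like a private key, refusing" >&2
        return 2
    fi

    # Take the first line shaped like "<type> <base64> [comment]"
    # (common key types only).
    key=$(grep -E '^(ssh-rsa|ssh-ed25519|ecdsa-sha2-nistp(256|384|521)) [A-Za-z0-9+/]+=*( |$)' "$pub" | head -n 1)
    [ -n "$key" ] || { echo "$pub holds no public key line" >&2; return 3; }

    # With StrictModes (the sshd default) keys are ignored when the directory
    # or the file is writable by anyone other than the owner.
    mkdir -p "$dir" && chmod 700 "$dir" || return 4
    touch "$auth" && chmod 600 "$auth" || return 4

    # Compare on "<type> <base64>" so the same key with a different comment
    # is not appended a second time.
    blob=$(printf '%s\n' "$key" | awk '{print $1 " " $2}')
    if grep -qF -- "$blob" "$auth"; then
        echo "key already present in $auth"
    else
        printf '%s\n' "$key" >> "$auth"
        echo "key added to $auth"
    fi
}
```
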
Connect to the remote machine
If everything was set up in the correct way, you can now connect like this:
$ ssh barry@220.127.116.11
If you have stored your private key in a different location, try this:
$ ssh -i /path/to/id_rsa barry@220.127.116.11
I hope you enjoyed this article and found it helpful. Let me know what you think by leaving a comment!
Very clear, simple but comprehensive explanation with alternatives.