Secure SHell (ssh), authenticate users with RSA-keys


PuTTY IconIf you’re like me, you probably pop up one or more ssh-sessions a few times a day. Along with an occasional scp or sftp transfer. And against your better judgment, perhaps due to a well established lab-etiquette, you close the session in the belief that you no longer need it open. If it weren’t due to your super secure 32-charachter password, re-logging wouldn’t be such a hassle. With a clever use of cryptographic keys, you can make authenticating to your ssh-service a bit more convenient.

Client side:
Before you begin, you’ll need to generate a (public) key on your client. Thats the key you authenticate to the server with. I’ll use a 2048 bit rsa-key in this example. Open your terminal and type:
~$ ssh-keygen -t rsa [ENTER]
Pick the defaults, press enter through each option and wait for the key to generate.

The newly generated key will most likely be located at $HOME/.ssh/{id_rsa, id_rsa.pub}. Upload the “id_rsa.pub” file to the same directory on your server.

Server side:
Log in to your server, locate the file you just uploaded and:
~$ cat id_rsa.pub >> $HOME/.ssh/authorized_keys [ENTER]
Done! Now log out, and log back in. Notice any difference? No password!

This entire process has to be repeated for each client who wish to authenticate with the server, using this method.

Security Notice
As with any piece of sensitive data stored on your hard drive, the generated (private) key on your client is no exception. Physical, or other, access to your box may inadvertently provide access to the server as well.


Leave a Reply

Your email address will not be published.