How to SSH to Remote Host using the Private/Public Keys Authentication?


Password authentication is not secure: your password may be simple enough to crack, or it may be accidentally recorded or leaked. It is therefore good practice to configure authentication that does not use a password.

SSH using Public/Private Key Pair

The simple idea for replacing password authentication is to use a private/public key pair (an asymmetric cryptography algorithm, e.g. RSA). Let's say you are on Host A and want to log in to Host B. All you need to do is follow these steps:

Generate a Public/Private Key Pair on Host A

Run `ssh-keygen -t rsa` to generate a key pair. Just press Enter at each prompt to accept the default file location and an empty passphrase.

```
$ ssh-keygen -t rsa
Generating public/private rsa key pair.
Enter file in which to save the key (/home/user/.ssh/id_rsa): 
Created directory '/home/user/.ssh'.
Enter passphrase (empty for no passphrase): 
Enter same passphrase again: 
Your identification has been saved in /home/user/.ssh/id_rsa.
Your public key has been saved in /home/user/.ssh/id_rsa.pub.
The key fingerprint is:
XXXXXXXXXXXXXXXXXXXXXX user@HostA
The key's randomart image is:
+---[RSA 2048]----+
|         =B+o++. |
|        XXXXXXXX.|
|       . .o+XXXX*|
|        ..o @ o o|
|       XXXXX . . |
|      .o=.B .    |
|       o.*       |
|      XXXX       |
|       o         |
+----[SHA256]-----+
```

As you can see, there are now two files in the /home/user/.ssh directory: the private key `id_rsa`, which you should not give to anybody else, and the public key `id_rsa.pub`, which you need to give to your destination host.

Configure Authorized Keys on Destination Host

Then, on Host B, in the directory /home/user/.ssh/, create the file authorized_keys if it is not already there, and append the content of the public key file `id_rsa.pub` to the end of it. Each line holds one authorized key.

That is it. When this is all set, you can SSH or scp directly from Host A to Host B.

Avoid Permissions Pitfall

However, if it is not working, most of the time it is due to incorrect file permissions. Run the following on Host B:

```
chmod 700 ~/.ssh
chmod 600 ~/.ssh/authorized_keys
```

Also, the home directory's permissions need to be set correctly:

```
chmod g-w,o-w ~
```
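
The Host B steps as one repeatable script, an added example that is not from the original post: it appends the public key only once, applies the modes given above, and reports any path that is still writable by group or others. The function names `install_pubkey` and `check_ssh_perms` are hypothetical, and `stat -c` assumes GNU coreutils.

```bash
#!/usr/bin/env bash
# Added example (not from the original post). Run on Host B as the login user.
# Assumes GNU coreutils (stat -c); function names are hypothetical.

# install_pubkey PUBKEY_FILE [HOME_DIR]
# Appends the key once and applies the modes given in the post.
install_pubkey() {
    local pub="$1" home="${2:-$HOME}" key
    local dir="$home/.ssh" auth="$home/.ssh/authorized_keys"
    key="$(head -n 1 "$pub")" || return 1
    # Refuse anything that does not look like a one-line public key,
    # e.g. the private key file passed by mistake.
    case "$key" in
        ssh-rsa\ *|ssh-ed25519\ *|ecdsa-sha2-*\ *) ;;
        *) echo "not a public key: $pub" >&2; return 1 ;;
    esac
    mkdir -p "$dir" && touch "$auth" || return 1
    # -x: whole-line match, -F: fixed string, so a rerun adds no duplicate.
    grep -qxF -- "$key" "$auth" || printf '%s\n' "$key" >> "$auth"
    chmod 700 "$dir" && chmod 600 "$auth" && chmod g-w,o-w "$home"
}

# check_ssh_perms [HOME_DIR]
# Prints each path whose mode lets group/others write; returns 1 if any.
# Only modes are checked here, not file ownership.
check_ssh_perms() {
    local home="${1:-$HOME}" bad=0 p mode
    for p in "$home" "$home/.ssh" "$home/.ssh/authorized_keys"; do
        [ -e "$p" ] || { echo "missing: $p"; bad=1; continue; }
        mode="$(stat -c '%a' "$p")"
        # Octal mask 022 = write bit for group (020) or others (002).
        if [ $(( 0$mode & 022 )) -ne 0 ]; then
            echo "writable by group/others: $p (mode $mode)"; bad=1
        fi
    done
    return "$bad"
}
```

After copying `id_rsa.pub` to Host B, run `install_pubkey id_rsa.pub` followed by `check_ssh_perms`; a non-zero exit from the second command lists the paths to fix.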

Debugging SSH Login Problems

You can use `ssh -v` to see verbose output, which might help you identify the problem.

```
debug1: Next authentication method: publickey
debug1: Offering public key: RSA SHA256:XXXXXXXXXXXXXXX /home/user/.ssh/id_rsa
debug1: Server accepts key: pkalg rsa-sha2-512 blen 279
```

–EOF (The Ultimate Computing & Technology Blog) —
