I just set this up and it works like a charm. However I imagine that I won’t be doing this every day, so I am writing this note to my future self.
How logging in on a remote server using an SSH key works (intuition)
This is sort of my non-expert, but technically viable understanding of how all of this magic works.
- Create a pair of keys using the command ssh-keygen: one public key, and one private key.
- Upload the public key (which, I believe, can be used to confirm the identity of something generated using the private key) to the server (each user has a ~/.ssh/authorized_keys file on the server).
- Make sure the .ssh directory on the server is only readable by your user.
- Make sure the directory where you store your key pair on your local computer is also only readable by you.
- When logging in, point ssh to use your private key, for the correct user on the remote server.
Create your SSH key pair using:
ssh-keygen -t rsa -b 2048 -f ~/.ssh/id_rsa -C "Enter an optional comment about your key"
You can use a name other than id_rsa. A public companion with the suffix .pub will also be created. You do not have to enter a passphrase, e.g. when using the key via a script. Without a passphrase, the private key is protected only by its file permissions.
Protect your local .ssh directory using the following:
chmod 700 ~/.ssh && chmod 600 ~/.ssh/*
Upload the public key via ssh:
cat ~/.ssh/id_rsa.pub | ssh email@example.com 'cat - >> ~/.ssh/authorized_keys'
Protect the .ssh directory on your remote server (remote shell) using:
chmod 600 ~/.ssh/authorized_keys && chmod 700 ~/.ssh/
Log in, pointing ssh at your private key:
ssh -i ~/.ssh/id_rsa firstname.lastname@example.org
id_rsa is your private key.
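The server-side steps above (append the key, then tighten permissions) as a script that is safe to re-run; this is an added example, not part of the original post. The function names install_pubkey and audit_ssh_dir are hypothetical, and it assumes the .pub file has already been copied to the server.

```shell
#!/bin/sh
# Added example; install_pubkey and audit_ssh_dir are hypothetical names.
# Assumes the .pub file has already been copied to the server.

# True if group and others have no access to PATH (e.g. 700 or 600).
private_to_owner() {
    [ "$(ls -ld "$1" | cut -c5-10)" = "------" ]
}

# install_pubkey PUBKEY_FILE [SSH_DIR]
# Appends the key to authorized_keys unless that exact line is present.
install_pubkey() {
    pub=$1
    dir=${2:-$HOME/.ssh}
    [ -s "$pub" ] || { echo "no public key at $pub" >&2; return 2; }
    # Refuse to publish a private key by mistake.
    if grep -q 'PRIVATE KEY' "$pub"; then
        echo "$pub looks like a private key" >&2
        return 2
    fi
    mkdir -p "$dir" && chmod 700 "$dir" || return 1
    auth=$dir/authorized_keys
    touch "$auth" && chmod 600 "$auth" || return 1
    key=$(head -n 1 "$pub")
    grep -qxF -e "$key" "$auth" || printf '%s\n' "$key" >> "$auth"
}

# audit_ssh_dir [SSH_DIR]
# Prints each entry that group or others can access; returns 1 if any.
audit_ssh_dir() {
    dir=${1:-$HOME/.ssh}
    bad=0
    for p in "$dir" "$dir"/*; do
        [ -e "$p" ] || continue
        if ! private_to_owner "$p"; then
            echo "too open: $p"
            bad=1
        fi
    done
    return "$bad"
}
```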
One thought on “Login over SSH using SSH key”
If you’re using a distro with SELinux, you may also have to set the contexts on the ~/.ssh folder.
An easy way to do this is:
restorecon -R ~/.ssh