SSH: Setting up public key authentication over SSH (CentOS, Redhat, Linux, Fedora)

Before we go into the details of how to set up public key authentication, I would like to talk about the pros and cons of doing this, so that you can make an educated decision.

First, the biggest benefit of setting up public key authentication over SSH: once you set up the keys correctly, you will not need to enter a password to access the other server. For example, you can just type ssh example.com and you will be logged in. This is the method you must use if you want to set up scripts that are run from crontab. For example, you may have an rsync script that runs backups from one server to another every night.

With every good thing comes a bad thing. Let us say “somebody” has access to server1 as root. This somebody could be a designated user, or it could be a hacker who has gained root access to server1. Since we have public key authentication over SSH set up between server1 and server2, this “somebody” can now access server2 as well. As you can see, this can be problematic.

Now you know the number one pro and con of setting up public key authentication over SSH. Let us go through the process of setting up the keys.

On server1, you type: ssh-keygen -t rsa (just press enter to keep accepting defaults). You should see something like this:

ssh-keygen -t rsa
Generating public/private rsa key pair.
Enter file in which to save the key (/root/.ssh/id_rsa):
Created directory '/root/.ssh'.
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /root/.ssh/id_rsa.
Your public key has been saved in /root/.ssh/id_rsa.pub.
The key fingerprint is:
a2:b2:aw:w2:63:25:2a:62:fs:d5:ff:fd:11:f1:aa:60 root@server1

The fingerprint for your server will be different. Now run cat /root/.ssh/id_rsa.pub and copy the contents it displays. You will need this for server2. Paste it into Notepad or any other text editor and make sure it pastes as one line. It is crucial that you check this.

Now log in to server2. Create the public key by typing: ssh-keygen -t rsa (this is the same thing we did on server1). Once you are done, type vi /root/.ssh/authorized_keys2

Paste the content you copied earlier on server1. Make sure it is all on one line. Save/exit.  At this point, we should change the permissions on the file to make sure sshd likes it:  chmod 600 /root/.ssh/authorized_keys2

Go back to server1 and type ssh server2. You should be logged in without having to put in a password. If you are still prompted for a password, check the /root/.ssh/authorized_keys2 file on server2 and make sure everything you pasted is on one line.
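
The two things this post tells you to verify on server2 (the pasted key sits on one line, and the file is mode 600) can be checked with a small script. This is an added example, not part of the original post: the function name check_authorized_keys and the sample key blob are made up for illustration, and it assumes GNU stat as shipped on CentOS/Redhat/Fedora.

```shell
#!/bin/sh
# Added example: audit an authorized_keys-style file for the two failure
# modes in this post (loose permissions, key pasted across several lines).
# Assumes GNU stat. Only the common key types are recognised.

# check_authorized_keys FILE: prints one finding per line, returns 1 if any.
check_authorized_keys() {
    ak_file=$1
    ak_bad=0
    [ -f "$ak_file" ] || { echo "MISSING $ak_file"; return 1; }

    # The post sets mode 600: no permission bits for group or others.
    ak_mode=$(stat -c '%a' -- "$ak_file")
    if [ $(( 0$ak_mode & 077 )) -ne 0 ]; then
        echo "PERM $ak_file is mode $ak_mode, expected 600"
        ak_bad=1
    fi

    # The containing .ssh directory must not be writable by group or others.
    ak_dmode=$(stat -c '%a' -- "$(dirname -- "$ak_file")")
    if [ $(( 0$ak_dmode & 022 )) -ne 0 ]; then
        echo "PERM directory is mode $ak_dmode, group/other writable"
        ak_bad=1
    fi

    # Each non-blank, non-comment line must read "[options] keytype base64 [comment]".
    # A key that wrapped during paste leaves a line without that shape.
    awk -v f="$ak_file" '
        /^[ \t]*(#|$)/ { next }
        {
            ok = 0
            for (i = 1; i < NF; i++)
                if ($i ~ /^(ssh-rsa|ssh-dss|ssh-ed25519|ecdsa-sha2-nistp(256|384|521))$/ &&
                    $(i + 1) ~ "^AAAA[A-Za-z0-9+/]+=*$" && length($(i + 1)) % 4 == 0)
                    ok = 1
            if (!ok) { printf "LINE %s:%d is not a complete key entry\n", f, NR; bad = 1 }
        }
        END { exit (bad ? 1 : 0) }' "$ak_file" || ak_bad=1

    return "$ak_bad"
}

# Demo on a constructed file (placeholder blob, not a real key) whose key
# wrapped onto a second line and whose mode is too open.
demo_dir=$(mktemp -d)
printf 'ssh-rsa AAAAB3NzaC1yc2EAAAADAQAB\nAAAAgQC7 root@server1\n' > "$demo_dir/authorized_keys2"
chmod 644 "$demo_dir/authorized_keys2"
check_authorized_keys "$demo_dir/authorized_keys2" || true
rm -rf "$demo_dir"
```

On a real server you would call check_authorized_keys /root/.ssh/authorized_keys2 after pasting the key; no output and a zero exit status mean both checks passed.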

That is all you have to do to set up public key authentication over SSH!

————————————-
DISCLAIMER: Please be smart and use code found on internet carefully. Make backups often. And yeah.. last but not least.. I am not responsible for any damage caused by this posting. Use at your own risk.

15 thoughts on “SSH: Setting up public key authentication over SSH (CentOS, Redhat, Linux, Fedora)”

  1. Gowrishankar

    Hi,

    Nice and useful….

    My suggestion is

    Instead of copying and pasting the content, we can copy the id_rsa.pub file to server2 and can mention the path in /etc/ssh/sshd_config under AuthorizedKeysFile.

  2. Josh Martin

    When configuring your authorized keys file, be sure to chmod 600 the file as sshd will not allow using the file with the wrong permissions.
