SSH: Setting up public key authentication over SSH (CentOS, Redhat, Linux, Fedora)

Before we go in to details on how to set up public key authentication, I would like to talk about pros and cons about doing this. After you know the pros and cons, you can make an educated decision. First, let us talk about biggest benefit about setting up public key authentication over ssh. Once you set up the keys correctly, you will not need to enter password to access the other server. For example, you can just type ssh and you will be logged in. This is the method you must use if you want to set up scripts which are run from crontab. For example, you may have rsync script running which does backups from one server to another every night. With every good thing, comes a bad thing. So let us say “somebody” has access to server1 as root. This somebody could be designated user or it could be a hacker who has gain root access to server1. Now since we have public key authentication over ssh setup between server1 and server2, this “somebody” now can access server2. As you can see, this can be a problematic. Now you know number one pro and con about setting up public key authentication over ssh. Let us now go on and actually go through process to setup keys.

On server1, you type: ssh-keygen -t rsa (just press enter to keep accepting defaults). You should see something like this:

ssh-keygen -t rsa
Generating public/private rsa key pair.
Enter file in which to save the key (/root/.ssh/id_rsa):
Created directory '/root/.ssh'.
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /root/.ssh/id_rsa.
Your public key has been saved in /root/.ssh/
The key fingerprint is:
a2:b2:aw:w2:63:25:2a:62:fs:d5:ff:fd:11:f1:aa:60 root@server1

Fingerprint for your server will be different. Now cat /root/.ssh/ Copy the contents it displays. You will need this for server2. Paste it into notepad or any other text editor and make sure it pastes as one line. This is very crucial you check this.

Now login to server2. Create the public key by typing: ssh-keygen -t rsa (this is same thing we did on server1). Once you are done, type vi /root/.ssh/authorized_keys2

Paste the content you copied earlier on server1. Make sure it is all on one line. Save/exit.  At this point, we should change the permissions on the file to make sure sshd likes it:  chmod 600 /root/.ssh/authorized_keys2

Go back to server1 and type ssh server2 You should be logged in with out having to put in a password. If you are prompted for password still, check server2 /root/.ssh/authorized_keys2 file and make sure everything you pasted is one line.

That is all you have to do set up public key authentication over ssh!

DISCLAIMER: Please be smart and use code found on internet carefully. Make backups often. And yeah.. last but not least.. I am not responsible for any damage caused by this posting. Use at your own risk.

25 thoughts on “SSH: Setting up public key authentication over SSH (CentOS, Redhat, Linux, Fedora)

  1. Gowrishankar


    Nice and usefull….

    My suggestion is

    Instead of copying and pasting the content, we can copy the file to server2 and can mention the path in /etc/ssh/sshd_config under AuthorizedKeysFile .

  2. Josh Martin

    When configuring your authorized keys file, be sure to chmod 600 the file as sshd will not allow using the file with the wrong permissions.

  3. Pingback: SVN: How do you use svn command line on Windows with ssh tunneling? | Technology: Learn and Share

  4. Pingback: SSH RSA Key question

  5. Tanisha

    Instead of aliens and humans, you will be choosing a variety of
    cute little animals with special abilities.
    Every field of life involves game playing and strategy making.

    So, if you choose the right group of numbers, using a full wheel,
    your chances to win the lottery are almost guaranteed.

  6. Anonymous

    After exploring a few of the articles on your site, I honestly like your technique of blogging.
    I book marked it to my bookmark webpage list and will
    be checking back soon. Please check out my web site too and tell me your opinion.

  7. air jordan

    I have to show my appreciation to you just for bailing me out of such a condition. As a result of looking out throughout the the net and meeting principles that were not pleasant, I was thinking my entire life was well over. Existing devoid of the solutions to the difficulties you’ve sorted out through your entire article content is a crucial case, as well as those that could have negatively affected my entire career if I had not encountered your web blog. That talents and kindness in touching a lot of things was priceless. I am not sure what I would have done if I had not discovered such a solution like this. It’s possible to now relish my future. Thanks a lot so much for this impressive and result oriented guide. I will not hesitate to endorse your site to anybody who needs direction about this issue.

  8. chrome hearts

    Thank you a lot for providing individuals with a very splendid chance to read in detail from this website. It is usually so beneficial and stuffed with amusement for me and my office mates to search your website at the very least three times per week to learn the latest secrets you will have. Not to mention, I am also at all times fulfilled considering the fantastic pointers served by you. Selected 2 points in this article are completely the finest we’ve had.

  9. bape hoodie

    My spouse and i have been absolutely thankful Louis managed to round up his studies while using the ideas he obtained from your own web page. It’s not at all simplistic to simply happen to be giving freely thoughts that many many others have been selling. So we do know we’ve got the website owner to give thanks to for that. The type of explanations you made, the simple site navigation, the relationships your site make it possible to foster – it is most fabulous, and it’s assisting our son in addition to the family understand this situation is brilliant, and that is very vital. Thanks for all the pieces!

  10. dior glasses

    I needed to send you this little remark to give many thanks again with your great secrets you’ve shown at this time. This is wonderfully open-handed with you giving freely all a few people could have marketed for an electronic book to end up making some dough for themselves, most importantly since you might well have tried it in case you wanted. The suggestions in addition worked like the good way to understand that other people online have the same fervor just like mine to figure out much more in respect of this condition. I believe there are several more fun times ahead for those who find out your site.

Leave a Reply

Your email address will not be published. Required fields are marked *