SSH using secure key is actually very simple but if you look around web the explanations are sometimes confusing.
The concept is simple, similar to our door keys – to get access you should have the key. Similarly SSH Keys are used to connect from one machine to another machine without providing a password. So there are three things to understand here
- Client machine (from which connection is requesting)
- Server machine (to which connection is requesting)
- Key (used by client machine for authentication, instead of password)
The main part here is to get the Key used for connecting. How and where to get the key. The key can be generated anywhere. Yes, in any machine – need not be in the client or server machine but in any machine. Some online posts says it has to be generated in Client, but that’s wrong.
Now how to generate the key. We can use “ssh-keygen” command in Linux or a Key generation tool in Windows. Such keys are generated as a pair called key pair. It has a public key and private key. You have keep the public key in the Server machine and use private key from Client machine to connect to the server machine, that’s it. Its simple. Detailed steps are given below.
Note: I am hitting “Enter” wherever there is a default value available.
Step 1 : Generating Key Pair
[Anil’s Dev] ~>ssh-keygen
Generating public/private rsa key pair.
Enter file in which to save the key (/root/.ssh/id_rsa):
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /root/.ssh/id_rsa.
Your public key has been saved in /root/.ssh/id_rsa.pub.
The key fingerprint is:
The key’s randomart image is:
+–[ RSA 2048]—-+
|. = . |
[Anil’s Dev] ~>
This will generate a key pair in /root/.ssh/. The file with “.pub” extention is the public key. Feel free to rename to whatever you want.
[Anil’s Dev] ~>ls -l /root/.ssh/
-rw——-. 1 root root 1675 Apr 30 11:14 id_rsa
-rw-r–r–. 1 root root 397 Apr 30 11:14 id_rsa.pub
Step 2: Put the public key in server
The content of the public key should be appended to a file called “authorized_keys” in the server.
[Server] ~>cd ~/.ssh/
[Server] .ssh>touch authorized_keys
[Server] .ssh>cat id_rsa.pub >> authorized_keys
Step 3: Connect from Client using private key
[Client] />ssh -i id_rsa root@myServerMachineIp
Last login: Wed Apr 29 20:09:10 2015 from 192.168.1.62
I tried to put in a simple way, if you are not clear on any step there are lots of online posts describing in detail about each step or you can post a question in the comment section.