Ssh ssl key login

From TheBestLinux.com
Jump to navigationJump to search

SSH Password-Less Setup

Create private & public keys:
I have used arbitrary server names as examples - BE SURE TO USE YOUR OWN SERVER NAMES!!!
I have used the name of the server machine as "server" and your domain as "mydomain.com", so be sure to substitute your own computer name and domain name in my examples below! First, create your private and public ssh(Secure Shell) keys. The default length is only 2048 bits in length, so I force the ssh-keygen command to make it twice the default size, just to make it a little harder for anybody to crack it! Giving the ssh-keygen command the -b 4096 forces it to create 4096 bit keys. The -b stands for number of "bytes", FYI. There is no maximum size to create the keys, but some applications that rely on using the keys may not be able to handle anything longer than 4096 bits. So in my opinion, using 4096 bit keys makes the most sence. Here is the command:

[jamie@server ~]$ ssh-keygen -b 4096 


Save private key in VERY VERY SAFE PLACE! Save public key in VERY VERY SAFE PLACE, as well as upload it to any server needing to log into using this key, by appending the /home/jamie/.ssh/authorized_keys file using cat. The public key uploaded to servers needing it to log into should be renamed to something that makes the key human identifiable, aka: server.mydomain.com.id_rsa.pub which will allow ssh login without using a password:

[jamie@server ~]$ scp server.mydomain.id_rsa.pub jamie@ermarc.net
[jamie@server ~]$ ssh jamie@ermarc.net
[jamie@server ~]$ cat server.mydomain.id_rsa.pub >> /home/jamie/.ssh/authorized_keys
[jamie@server ~]$ chmod 600 /home/jamie/.ssh/authorized_keys


The chmod 600 command is required on only some Linux distros, but not on others, I have discovered.
For instance, with most Redhat based distributions, the chmod 600 command IS required.
But, I have found that with Debian based distros, it is not required!

To find out for sure, check the logs, specifically, /var/log/secure, with Redhat based systems,
and for Debian based systems in /var/log/auth.log for messages like this:

Jun 13 13:20:59 localhost sshd[17548]: Authentication refused: bad ownership or modes for file /home/jamie/.ssh/authorized_keys


The server.mydomain.id_rsa.pub key can be uploaded to any and all servers needing ssh access to and configured as above. This will allow you to log into the server without being prompted or needing to enter in your password!