How to generate an ssh key for logging into a server without a password

Question

I have used servers on amazon AWS where they send me a public key .pem file and when I ssh in, all I have to do is:

ssh -i key.pem user@server

I now have a server of my own and am trying to figure out how I can do this with my server so I can automate commands to my server via ssh.

I imagine that I need to generate this key on my server and copy it to my client machine. How do I generate this key?

Answer 1

On the client machine you wish to login from, run ssh-keygen. For a quick and easy key, just hit enter on all of the questions. This will create a key pair in ~/.ssh. Specifically, ~/.ssh/id_rsa is your private key (keep this one safe), and ~/.ssh/id_rsa.pub is your public key (okay to distribute).

Copy your public key (~/.ssh/id_rsa.pub) onto the server that you wish to login to (e.g. scp ~/.ssh/id_rsa.pub me@myserver:. On the server, run cat id_rsa.pub >> .ssh/authorized_keys. To make sure that it has the correct permissions, you can run chmod 644 ~/.ssh/authorized_keys. Also, you can now delete the id_rsa.pub file that you copied over.

That's it! You should have password-less login from client to server. You must repeat the process with client and server swapped if you want password-less login from server to client.

Notes:

1. If the ~/.ssh directory does not exist on your server, the best way to create it is to ssh from the server to some other machine (e.g. the client). This will ensure that it has the correct permissions.
2. If you are paranoid about someone getting access to the client, you can password protect the key (one of the prompts when running ssh-keygen), but then you will have to enter that password every time you log in. The solution to this problem is to use ssh-agent.