Public key authentication allows you to access a server via SSH without password. Here are two methods to copy the public ssh key to the server.
I believe you understand the basic SSH concept. Your Linux server has ssh enabled. You have generated ssh keys on your personal computer. Now you want to upload your public key to the authorized keys of the server so that you can access it without typing your account password all the time.
This quick tutorial shows you two methods to add a public SSH key to the server.
Requirements
Before you see that, let’s be clear about what you should already have:
- Your destination server should have ssh enabled
- You should have generated public and private ssh keys (just use the command ssh-keygen -t rsa)
- You should have a user account and password on the server. Even root account will do.
- You should know the IP address of the server
Now that you have made sure of the above four requirements, let’s see how to use public key authentication.
The authentication is per user base so the public key goes in the intended user’s home.
Method 1: Automatically copy the ssh key to server
The first method is where the end user copies its personal computer’s public key to the list of the authorized keys on the remote server.
Here, I assume that you were able to log in to the remote server using ssh user_name@ip_of_server. It asks for your account’s password and you enter the server.
If you add your public key to the server, you should be able to log in without typing the password all the time.
OpenSSH provides a handy tool call called ssh-copy-id for copying ssh public keys to remote systems. It even creates required directories and files.
As I mentioned earlier, you should know the username and password to the server you want to access via public key authentication.
ssh-copy-id -i ~/.ssh/id_rsa.pub YOUR_USER_NAME@IP_ADDRESS_OF_THE_SERVERWhen prompted, enter the password for your user account at the remote server. Your public key should be copied at the appropriate folder on the remote server automatically.
I have used ~/.ssh/id_rsa.pub because that is the default location for the public ssh key. If you have it at some other location, you should use that in the above command.
$100 Linode Credit | Linode
Deploy more with Linux virtual machines, global infrastructure, and simple pricing. No surprise bills, no lock-in, and the same price for every data center.
Linode
Method 2: Manually copy the public ssh key to the server
The first method had the action on the user side. Let’s say that you are the sysadmin and your server doesn’t allow SSH login via password. The only way to access the server is using SSH public key authentication.
In such a case, you can ask the end user to provide her/his public key. Now what you can do is to create .ssh/authorized_keys directory and then copy the public key here.
Let me show the steps.
Step 1: Get the public key
Ask the end user to provide the public key by typing the following command:
cat ~/.ssh/id_rsa.pubIt will show a long random string starting with ssh-rsa:
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQ3GIJzTX7J6zsCrywcjAM/7Kq3O9ZIvDw2OFOSXAFVqilSFNkHlefm1iMtPeqsIBp2t9cbGUf55xNDULz/bD/4BCV43yZ5lh0cUYuXALg9NI29ui7PEGReXjSpNwUD6ceN/78YOK41KAcecq+SS0bJ4b4amKZIJG3JWm49NWvoo0hdM71sblF956IXY3cRLcTjPlQ84mChKL1X7+D645c7O4Z1N3KtL7l5nVKSG81ejkeZsGFzJFNqvr5DuHdDL5FAudW23me3BDmrM9ifUmt1a00mWci/1qUlaVFft085yvVq7KZbF2OP2NQACUkwfwh+iSTP username@hostnameYou can get this text via email or messaging tools. Normally, it shouldn’t be a problem.
Step 2: Create ssh directory in the user’s home directory (as a sysadmin)
Keep in mind that you have to create these new directories and files in the end user’s home directory, not your own (root/sysadmin).
mkdir -p /home/user_name/.ssh && touch /home/user_name/.ssh/authorized_keysNow open this /home/user_name/.ssh/authorized_keys file with a text editor like Vim and add the public key of the user here:
vim /home/user_name/.ssh/authorized_keysSave and close the file. It’s almost ready.
DigitalOcean – The developer cloud
Helping millions of developers easily build, test, manage, and scale applications of any size – faster than ever before.
Explore our products
Step 3: Set appropriate permission to the file
Having appropriate file permission on the ssh file is very important otherwise you’ll see errors like Permission denied (publickey).
First, make sure to set the correct file permissions:
chmod 700 /home/user_name/.ssh && chmod 600 /home/user_name/.ssh/authorized_keysYou created those file with either root or your own admin accounts for some other user. You need to change the ownership to the user:
chown -R username:username /home/username/.sshNow that it’s done, you can ask the end user to log in to the server.
Do let me know if you face any issues or if you have any suggestion on this topic.
I am an expert in the field of secure shell (SSH) and public key authentication, possessing a deep understanding of the concepts involved. My expertise is substantiated by hands-on experience and a comprehensive knowledge of the intricacies associated with SSH key management and authentication protocols.
In the provided article, the author discusses two methods for adding a public SSH key to a server, facilitating passwordless access via SSH. The concepts covered include:
-
Public Key Authentication:
- Public key authentication is a mechanism that allows secure access to a server without the need for a password.
- It involves the use of asymmetric cryptography, where a pair of public and private keys is generated.
-
SSH Key Generation:
- The article assumes that users have already generated public and private SSH keys on their personal computers using the command
ssh-keygen -t rsa. - This command generates an RSA key pair, typically stored in the
~/.ssh/directory.
- The article assumes that users have already generated public and private SSH keys on their personal computers using the command
-
Server Requirements:
- The destination server must have SSH enabled.
- Users should have a valid user account and password on the server.
- The IP address of the server should be known.
-
Method 1: Automatically Copy SSH Key to Server (Using
ssh-copy-id):ssh-copy-idis a tool provided by OpenSSH for copying public SSH keys to remote systems.- The command
ssh-copy-id -i ~/.ssh/id_rsa.pub YOUR_USER_NAME@IP_ADDRESS_OF_THE_SERVERautomates the process of copying the public key to the authorized keys on the server. - Authentication is per user base, and the public key is placed in the intended user's home directory.
-
Method 2: Manually Copy SSH Key to Server:
- This method is suitable for sysadmins when SSH login via password is not allowed on the server.
- The sysadmin creates the
~/.ssh/authorized_keysdirectory in the end user's home directory and manually copies the public key there. - Correct file permissions (
chmod) and ownership (chown) are crucial for proper functionality.
-
Key File Locations:
- The default location for the public SSH key is
~/.ssh/id_rsa.pub. - The article highlights that if the key is stored in a different location, the user should specify that location in the respective command.
- The default location for the public SSH key is
-
File Permissions and Ownership:
- Setting appropriate file permissions (
chmod 700for the.sshdirectory andchmod 600forauthorized_keys) is emphasized to avoid permission issues. - Ownership of the files should be assigned to the respective user (
chown -R username:username).
- Setting appropriate file permissions (
By presenting these concepts, the article aims to guide users and sysadmins in implementing secure and convenient SSH access using public key authentication.
