Quickly and easily setup a passwordless and secure connection between two linux computers. This article will show you how to generate public and private keys using ssh-keygen, as well as how to conveniently send your public key to a remote server using ssh-copy-id.
Using ssh-keygen on the client
The first thing we need to do is to create a public key and a private key on your client computer. Bring up your command terminal and enter the following :
Walk through the steps from the key generation utility to complete the process. Just hit enter for the default key location and again twice to skip creating a passphrase. Below is an example run-through and while it may look complicated you’re only entering ssh-keygen and hitting the enter key three times :
user@localhost:~$ ssh-keygen Generating public/private rsa key pair. Enter file in which to save the key (/home/user/.ssh/id_rsa): [ENTER] Enter passphrase (empty for no passphrase): [ENTER] Enter same passphrase again: [ENTER] Your identification has been saved in /home/user/.ssh/id_rsa. Your public key has been saved in /home/user/.ssh/id_rsa.pub. The key fingerprint is: 80:32:7d:89:32:bf:08:ad:25:df:2c:66:de:b7:99:49 user@localhost The key's randomart image is: +--[ RSA 2048]----+ | | | . o . | | = + + | | . * . . | |o o . S | | * + . | |. * + E | | + o ..+ | | . ..=. | +-----------------+ user@localhost:~$
This will have created both a private key (~/.ssh/id_rsa) and a public key (~/.ssh/id_rsa.pub). Never give out your private key.
Depending on your particular environment, you may or may not see the Randomart image for your key. These are of little concern to most people in most cases. Here is a quote (taken from an older OpenSSH release) describing this further :
“The intent is to render SSH host keys in a visual form that is amenable to easy recall and rejection of changed host keys. This technique inspired by the graphical hash visualisation schemes known as “random art[*]”, and by Dan Kaminsky’s musings at 23C3 in Berlin.”
Sending your Public Key to the remote server
The next step is to send the newly created public key to the server that we wish to connect to. Often with Linux there are many ways to accomplish the same task. We will use the very convenient ssh-copy-id as it takes care of a number of small details (file creation, permissions, etc.) behind the scenes that for the most part we don’t need to be concerned with.
user@localhost:~$ ssh-copy-id -i ~/.ssh/id_rsa.pub user@remotehost
You should now be able to ssh from your client computer into the server without having to enter a password.
As a test you could use ssh to execute the uptime command on the server. Without having to enter a password, you will see the results of the command in your client’s terminal like so :
user@localhost:~$ ssh user@remotehost uptime 15:24:23 up 10 days, 11:46, 1 user, load average: 0.15, 0.13, 0.13
Once a pair of computers has a secure connection between them and scripts are able to access files and commands across both systems, there are countless possibilities for applications.