Using SSH Key-Based Authentication

How to

This topic shows how easily we can set up SSH between two systems so that we no longer need to type a password when logging in. In this case we have the user testuser and two servers, system1 and system2.

In the first step we need to generate an SSH key pair, for which we use the command ssh-keygen. Note that the key-generation command will ask us for a passphrase; this can be empty, although an empty passphrase leaves the private key file unprotected on disk.

system1:~>
system1:~> cd .ssh
system1:~/.ssh>
system1:~/.ssh>
system1:~/.ssh> ssh-keygen -t dsa
Generating public/private dsa key pair.
Enter file in which to save the key (/home/testuser/.ssh/id_dsa):
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /home/testuser/.ssh/id_dsa.
Your public key has been saved in /home/testuser/.ssh/id_dsa.pub.
The key fingerprint is:
4f:87:85:e1:24:77:ac:db:d8:51:d7:e5:9a:d5:25:47 [MD5] system1
The key's randomart image is:
+--[ DSA 1024]----+
|        . +.. ..E|
|         = +. .+=|
|          o... .+|
|          .o.  + |
|        S o=..o  |
|         oo.o    |
|          .      |
|                 |
|                 |
+--[MD5]----------+
system1:~/.ssh>
system1:~/.ssh>
system1:~/.ssh> ll
total 8
-rw------- 1 testuser users 672 Aug 20 15:49 id_dsa
-rw-r--r-- 1 testuser users 607 Aug 20 15:49 id_dsa.pub
system1:~/.ssh> cat id_dsa.pub
ssh-dss [public key data omitted] system1
system1:~/.ssh>

Once we have generated the key pair, we log in to server system2 and copy the generated public key, which is stored in the file id_dsa.pub, into the file ~/.ssh/authorized_keys.

system1:~/.ssh>
system1:~/.ssh> ssh system2
The authenticity of host 'system2 (192.168.201.11)' can't be established.
ECDSA key fingerprint is 10:b3:7b:32:94:89:3f:5e:44:81:96:e3:17:c5:6d:0a [MD5].
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added 'system2,192.168.201.11' (ECDSA) to the list of known hosts.
Password:
system2:~>
system2:~>
system2:~> cd .ssh/
system2:~/.ssh>
system2:~/.ssh> vi authorized_keys
system2:~/.ssh>
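
One way to do the copy step above without hand-editing, as an added example that is not part of the original article: a shell function that appends the public key to authorized_keys only once and sets the permissions sshd expects. The function name install_pubkey, its arguments and the sample key line are assumptions made for illustration.

```bash
#!/usr/bin/env bash
# Added example (hypothetical helper, not from the article): install a public
# key into authorized_keys idempotently and with safe permissions.

install_pubkey() {
    pubkey_file=$1      # e.g. id_dsa.pub copied over from system1
    ssh_dir=$2          # e.g. "$HOME/.ssh" on system2
    auth="$ssh_dir/authorized_keys"

    # Never put a private key into authorized_keys.
    if grep -q 'PRIVATE KEY' "$pubkey_file"; then
        echo "refusing: $pubkey_file looks like a private key" >&2
        return 1
    fi
    # A .pub file holds exactly one line: "<type> <base64> [comment]".
    [ "$(grep -c '' "$pubkey_file")" -eq 1 ] || {
        echo "expected exactly one key line" >&2; return 1; }
    key=$(cat "$pubkey_file")
    case $key in
        # ssh-dss is accepted only because the article uses it; OpenSSH 7.0
        # and later disable DSA keys by default, so prefer ed25519 or RSA.
        ssh-ed25519\ *|ssh-rsa\ *|ecdsa-sha2-*\ *|ssh-dss\ *) ;;
        *) echo "unrecognised key type" >&2; return 1 ;;
    esac

    # With StrictModes (the sshd default) the file is not used if it or
    # its directory is writable by group or others, so set modes explicitly.
    mkdir -p "$ssh_dir" && chmod 700 "$ssh_dir"
    touch "$auth" && chmod 600 "$auth"

    # Append only if this exact line is not already present.
    grep -qxF -- "$key" "$auth" || printf '%s\n' "$key" >> "$auth"
}

# Demo in a scratch directory with a constructed (not real) key line.
demo_dir=$(mktemp -d)
printf '%s\n' 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5CONSTRUCTED testuser@system1' \
    > "$demo_dir/id.pub"
install_pubkey "$demo_dir/id.pub" "$demo_dir/.ssh"
install_pubkey "$demo_dir/id.pub" "$demo_dir/.ssh"   # second run adds nothing
wc -l < "$demo_dir/.ssh/authorized_keys"             # one line
rm -rf "$demo_dir"
```

On system2 the call would be install_pubkey id_dsa.pub "$HOME/.ssh" after copying the .pub file across.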

Now we can log out and try to log in again, this time without being prompted for a password.

system2:~/.ssh>
system2:~/.ssh> logout
Connection to system2 closed.
system1:~/.ssh>
system1:~/.ssh>
system1:~/.ssh> ssh system2
Last login: Wed Aug 20 15:49:36 2014 from system1
system2:~>
system2:~>

As we can see, we logged in to the system without being prompted for a password, so we can conclude that our SSH key is working correctly.
