Getting ssh key authorisation to work in Linux

Client Side

On that machine that is acting as the ssh client you should run the following command to generate a public / private key pair. It will prompt you for the location of a file to be stored the default should be acceptable unless you already have another key generated.

$ ssh-keygen

Generating public/private rsa key pair.
Enter file in which to save the key (/home/<username>/.ssh/id_rsa):
Created directory '/home/<username>/.ssh'.
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /home/<username>/.ssh/id_rsa.
Your public key has been saved in /home/<username>/.ssh/id_rsa.pub.
The key fingerprint is:
5b:78:75:c2:58:0e:ff:89:c7:8c:0f:38:64:c0:e2:6b username@raspberrypi
The key's randomart image is:

You need to keep the private key private as this is what is going to effectively be your password. It doesn't matter if somebody see's the public key. It is setup this way so you can be granted access to a machine without ever having to exchange a password over the wire. As an example you could email the public key to another admin who already has access to the machine to install the key.

Server Side

On the machine that is acting as the ssh server you will need to copy the public key string that will have been generated on the client side in location "/home//.ssh/id_rsa.pub".

Once you add this to the file "/home//.ssh/authorized_keys" that the ssh authentication should work. If you are using multiple private keys and have a long list of authorization keys on the server it can be wise to comment which keys are from where. This is so that if there is an issue with a "privacy" of a key you know which one to remove at a later time.

Now that ssh works you can login to the machine by using ssh @address. The username part can be omitted if the username on the destination host is the same as the current machine you are working at. As an added bonus it also will mean that scp will work if it is enabled on the server.



Did You find this page useful?

Yes No



Last Modified: 23 February 2017

Releated Posts


2013-03-01 - Linux - What and how to kill a zombie process
2013-02-14 - Linux - Getting sshfs to work
2012-12-12 - Linux - List / Copy group membership for users
2012-12-08 - Linux - ssh key authentication
2012-12-04 - Linux - sudo without a password
2012-10-13 - Rasberry Pi - Alternative method to play video without omx gstreamer element
2012-10-10 - How to run tcpdump as root
2012-07-13 - Linux - Killing all processes for a specific user
2012-04-05 - Using gdb to debug a core file
2012-01-16 - Linux - Color Coding The Bash Prompt
2012-01-14 - Linux - Automatically set the DISPLAY environment variable in SSH connection
2012-01-06 - Adding extra swap space to linux