An SSH key will let you automatically log into your server from one particular computer without needing to enter your password. This is convenient if you make frequent SSH and scp connections to your server.
You will create an SSH key on your computer, and then configure your server to accept it. This will allow you to automatically log into your server from this computer, without being prompted for your password.
Please do not set up an SSH key on a public or shared computer that does not use individual profiles. This will allow strangers to easily access your server.
- SSH configured for a user on your server:
- SSH on your local computer: this walkthrough is for Linux/Unix computers, including Mac OS X. See the note at the end of this article for extended PuTTY instructions (for Windows computers).
- A previous SSH connection made from this computer. If you haven’t ever used this computer to log into another server with SSH, please do so now. A simple login will suffice to generate the correct files on your local computer. See the previous links for instructions.
- This step is run on your remote server.
Grid: Log into your server via SSH with your Server Administrator user and execute the following command:
DV: Make the initial SSH connection as the root user and change to the home directory for the user you are creating the key for, then create the .ssh directory:
cd /path/to/users/directory && mkdir .ssh
- This step is run on your local computer. Generate a key on your local computer, using strong encryption:
ssh-keygen -t rsa -b 2048 -f ~/.ssh/id_rsa -C "Enter an optional comment about your key"
You should receive a prompt similar to the following. Please use a strong password. If you plan on using your key for automated tasks that don’t require interaction, such as rsync, you might want to leave this blank:
Enter passphrase (empty for no passphrase)
Once you have entered your password twice, you should see output similar to:
Your identification has been saved in /Users/username/.ssh/id_rsa. Your public key has been saved in /Users/username/.ssh/id_rsa.pub. The key fingerprint is: 60:b5:c1:b7:ee:ab:31:d1:70:d8:03:41:df:0f:08:eb Enter an optional comment about your key The key's randomart image is: +--[ RSA 2048]----+ | .=. | | . B o | | X B o | | o X o o | | E S . | | o | | o . | | + | | ..o. | +-----------------+
- This step is run on your local computer. Make sure your .ssh directory and the files it contains have the correct permissions:
chmod 700 ~/.ssh && chmod 600 ~/.ssh/*
- This step is run on your local computer. Upload your public key to your server. The command below reads the content of the key you just created on your computer, and appends that key to the authorized_keys file on your server. If you don’t have an existing authorized_keys file, it creates one. Replace example.com with your domain:
cat ~/.ssh/id_rsa.pub | ssh email@example.com 'cat - >> ~/.ssh/authorized_keys'
- This step is run on your remote server. Make sure you’re logged in as the user for whom the key was created. Then, ensure your .ssh directory on the server, and the files it contains, have the correct permissions:
chmod 600 ~/.ssh/authorized_keys && chmod 700 ~/.ssh/
That’s it! You should now be able to log into your server from this computer without being prompted for a password.
On your remote server, run the following:
ls -la ~/.ssh | grep "authorized_keys"
You should see output similar to the following:
-rw------- 1 example.com example.com 398 Jul 15 10:32 authorized_keys
Note that the directory needs to include the file called “authorized_keys” with -rw——- (600) permissions.
Finally, run this command to check the permissions on your .ssh directory:
ls -la ~ | grep ".ssh"
drwx------ 2 example.com example.com 3 Jul 15 10:32 .ssh
You should have a folder called “.ssh” with drwx—— (700) permissions.
If for either of these tests, you get blank output, or a message similar to the following:
ls: /root/.ssh: No such file or directory