How do you setup ssh to authenticate using keys instead of a username / password?

For each user: they should generate (on their local machine) their keypair using ssh-keygen -t rsa (the rsa can be replaced with dsa or rsa1 too, though those options are not recommended). Then they need to put the contents of their public key (id_rsa.pub) into ~/.ssh/authorized_keys on the server being logged into.


I actually prefer ssh-copy-id, a script found on *nix by default (can be put on Mac OS X easily enough as well) that automatically does this for you. From the man page:

ssh-copy-id is a script that uses ssh to log into a remote machine (presumably using a login password, so password authentication should be enabled, unless you've done some clever use of multiple identities)

It also changes the permissions of the remote user's home, ~/.ssh, and ~/.ssh/authorized_keys to remove group writability (which would otherwise prevent you from logging in, if the remote sshd has StrictModes set in its configuration).

If the -i option is given then the identity file (defaults to ~/.ssh/identity.pub) is used, regardless of whether there are any keys in your ssh-agent.


Hum, don't get it. Simply create a key and get started. :) HOWTO Additionatly you could forbid login via password. In e.g. /etc/ssh/sshd_config:

PasswordAuthentication no

This is fairly straight-forward to do - there's a simple walkthrough to be found here.

The main points are:

  • Run ssh-keygen on your machine. This will generate public and private keys for you.
  • Copy and paste the contents of your public key (likely in ~/.ssh/id_rsa.pub) in to ~/.ssh/authorized_keys on the remote machine.

It's important to remember that this will give anyone who has access to the private key on your machine the same access to the remote machine, so when generating the key pair you may choose to enter a password here for extra security.


For Windows users to setup putty

  • http://www.howtoforge.com/ssh_key_based_logins_putty