====== PUBLIC KEY AUTHENTICATION FOR SSH ====== ==== OVERVIEW ==== SSH keeys come in pairs: * //.ssh/id_rsa// - private key * //.ssh/id_rsa.pub// - public key Public key should be copied to servers into //~/.ssh/authorized_keys// (it let's the server authenticate the user). During the client authentication, the client will use its private key, and it will be verified by the public key stored in //~/.ssh/authorized_keys//. Private key is password protected when encrypted. A passphrase is only used to unlock the private key locally and is not transmitted in any form to the remote host. ==== GENERATING KEYS ==== This will generate private/public keys in the default directory: $ ssh-keygen -b 4096 # default size is 2048 Files are here: clienthost:~ user$ ls -l .ssh/ | grep id -rw------- 1 user user 1831 Aug 10 20:50 id_rsa -rw-r--r-- 1 user user 407 Aug 10 20:50 id_rsa.pub After public key is copied to remote serve: $ chmod 700 .ssh/ $ chmod 600 ~/.ssh/authorized_keys # paste your public key into this file There is also a simpler way to copy a public key: $ ssh-copy-id pi@192.168.2.73 ==== SSHD ==== /etc/ssh/sshd_config: PubkeyAuthentication yes AuthorizedKeysFile .ssh/authorized_keys ==== MANAGING PASSPHRASE ==== $ ssh-agent $ ssh-add