The combo of your Public and Private SSH Key make it possible to login to a server without needing to enter a password. An additional benefit is that logging in with SSH Keys even more secure is than logging in with passwords.
Before you can upload the Public SSH Key, you need to create SSH Keys. I assume you have already done that. In this post we are going to upload your Public SSH Key to the server.
We can distinguish two kind of operations in this procedure:
This makes sense of course, since your Public Key on the server has to match the Private Key on your local machine.
Login to the Server
Login to your server over SSH:
ssh -p $portnumber $username@$ipaddress
- $portnumber with the SSH port of the server
- $username with your own user name
- $ipaddress with the IP address of the server
The default SSH port is 22. However, changing the default port number is another – easy – step to improved security.
You can skip the port number when you are sure that the SSH port on your client machine is the same as that on the server:
Because your SSH Key has not been uploaded yet, you need to login with your password.
Check that you have arrived in your home directory on the server. When the prompt does not include the path, use the pwd (print working directory) command:
The system should reply with:
When it does not, you can get there with:
~ is a shortcut to the /home/$username/ folder of the current user.
Upload the Public SSH Key
First we need to create a folder where we can store the file with our Public SSH Key:
Assign the proper permissions to the .ssh directory:
chmod 700 .ssh
Now only you have access to this folder.
Next we use the Nano editor to create a file named authorized_keys. We are going to add our Public SSH Key to that file.
Open the Public SSH Key file on your local machine with your preferred editor.
Select and copy the contents of that file.
Now paste your Public Key in the authorized_keys file on the server with the keyboard shortcut Shift+Ctrl+V.
Verify that the entire SSH key is displayed on one line in the authorized_keys file.
Save the file (Ctrl+O), and exit Nano (Ctrl+X).
Last but not least, we have to assure us that the file has the proper permissions too:
chmod 600 .ssh/authorized_keys
With these permissions, only you – the owner – is allowed to read and write the file.
Now we are done on the server.
An alternative way is using the
ssh-copy-id command. In case of a Public Key id_rsa.pub:
ssh-copy-id -i /home/wil/id_rsa.pub $username@$ipaddress
The receiving server will ask for your password.
And we are done again.
Load the Private SSH Key
The principle of SSH Keys is that the Public SSH Key on the server, has to match the Private Key on the client. We achieve this by loading the Private SSH Key into the memory of our local machine. We need to do this after every reboot.
Assuming that you have accepted the default value when you created the SSH Keys, we load the Private Key with:
In case you did give the SSH Keys another name, replace the id_rsa part with your name.
The system will ask you to enter the passphrase to unlock the Private SSH Key. Enter it.
Done. That is all.
On my machine — a PC running Kubuntu 16.04 — I autoload the Private SSH Key upon boot with a script.
Whether you can act in a similar way, depends on your operating system.
In case you need to load the Private SSH Key manually, it is a pretty straightforward procedure:
- open terminal window
- type ‘ssh-add’
- enter or paste the file path tot he Private Key
- hit the return key
- enter the passphrase regarding
That is it.
Security is essential, but comes with little annoyances. Unfortunately. It is up to you balance security with convenience.
And when you do not like the hassle with SSH Keys, you always opt to login with your password.