18 May 2014

Easy SSH key authentication

The nice thing about the ssh-copy-id command is that it will create ~/.ssh on the remote host and ensure all your directory and file permissions are right for connecting. Debugging a non-working SSH key auth is a real pain.

Install using Homebrew under OSX

$ brew install ssh-copy-id

Generate a new SSH key pair

Just hit enter through all the questions:

$ ssh-keygen -t rsa
Generating public/private rsa key pair.
Enter file in which to save the key (/Users/mafro/.ssh/id_rsa):
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /Users/mafro/.ssh/id_rsa.
Your public key has been saved in /Users/mafro/.ssh/id_rsa.pub.
The key fingerprint is:
4a:0f:21:5d:46:f0:cf:d0:6e:f8:eb:99:bd:03:ec:8f mafro@lily.eggs

Now move the key pair to your local ~/.ssh, naming the key for the destination hostname and your local hostname, so it's easy to figure out which key is which later:

$ mv .ssh/id_rsa .ssh/hungryhippos.$(hostname).pky
$ mv .ssh/id_rsa.pub .ssh/hungryhippos.$(hostname).pky.pub

Copy the key to the remote host

$ ssh-copy-id -i ~/.ssh/hungryhippos.lily.pky pi@hungryhippos
/usr/local/bin/ssh-copy-id: INFO: attempting to log in with the new
key(s), to filter out any that are already installed
/usr/local/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed --
if you are prompted now it is to install the new keys
pi@hungryhippos's password:

Number of key(s) added:        1

Now try logging into the machine, with:   "ssh 'pi@hungryhippos'"
and check to make sure that only the key(s) you wanted were added.


Tagged in tekkers