Implement RSA Authentication Under SSH

To implement RSA authentication under ssh so that the user is not continually asked prompted for a remote-host password when using ssh, scp, or any programs using ssh underneath such as cvs and svn do the following.

  1. Create a public/private RSA key pair. This will be used for RSA authentication. When generating this RSA key pair don’t enter a passphrase otherwise you will always be prompted for it.
    $ ssh-keygen -t rsa
    Generating public/private rsa key pair.
    Enter file in which to save the key (/home/fkim/.ssh/id_rsa):
    Enter passphrase (empty for no passphrase):
    Enter same passphrase again:
    Your identification has been saved in /home/fkim/.ssh/id_rsa.
    Your public key has been saved in /home/fkim/.ssh/id_rsa.pub.
    The key fingerprint is:
    2a:59:54:3f:82:8f:79:92:1d:39:7b:62:02:68:97:e6 fkim@paltp1235
    
    $ cd .ssh
    $ chmod 400 id_rsa id_rsa.pub
  2. Copy the public RSA key to the remote host.
    $ scp -p ~/.ssh/id_rsa.pub  fkim@betweengo.com:~/
    Password:
    id_rsa.pub                                    100%  396     0.4KB/s   00:00
  3. ssh to the remote host and create an .ssh directory if it does not already exist.
    $ ssh fkim@betweengo.com
    Password:
    [box ~]$ mkdir .ssh
    [box ~]$ chmod 755 .ssh
  4. Append the public RSA key to the list of authorized keys.
    [box ~]$ cat id_rsa.pub >> .ssh/authorized_keys2
    [box ~]$ chmod 644 .ssh/authorized_keys2
  5. Log out and log back in to verify that you no longer need to enter your password.
    $ ssh fkim@betweengo.com
    [box ~]$

Note if this does not work it is sometimes because the ssh client cannot find the id_rsa file. It looks for it normally where it keeps the known hosts file. On most systems this is the default location for where it writes the id_rsa file. On one system I found that it was looking for the id_rsa file in C:\.ssh.

In some cases RSA authentication will not work and you will need to use DSA authentication. This article, SSH Logins Without Providing A Password, gives a good description of how to do this. The instructions are quite similar.

One thought on “Implement RSA Authentication Under SSH

  1. Pingback: betweenGo » HOWTO Stop Being Prompted For Password in TortoiseSVN

Leave a Reply

Your email address will not be published. Required fields are marked *