SSH public key authentication
2017-05-02T18:17:00Z.
Besides using a username and password for authentication when connecting to a remote host over SSH, public key authentication can also be used.
This article assumes both the local computer and the remote computer support Ed25519 keys.
Generate authentication keys
Run the following:
ssh-keygen -t ed25519
The command above generates an Ed25519 key pair. You will be asked for the location of the generated key pair files, and a passphrase.
For example, if the private key is test.ed25519, the generated public key is test.ed25519.pub.
The private key should be accessible by the key owner only. To change the file permission:
chmod 600 test.ed25519
The above command makes the private key readable and writable by the key owner only.
Add public key
Copy the public key to the remote computer and add it to the file used for user authentication. By default, the file that contains the public keys is located at ~/.ssh/authorized_keys. On the remote computer, assuming the public key is test.ed25519.pub, run the following:
cat test.ed25519.pub >> ~/.ssh/authorized_keys
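The append above can also be done with the checks an administrator would want around it; the following is an added example, not part of the original article. The function name install_pubkey is hypothetical, and the format check is structural only (it does not verify the key material).

```shell
#!/bin/sh
# Added example: a repeatable, permission-safe form of
#   cat test.ed25519.pub >> ~/.ssh/authorized_keys
# install_pubkey is a hypothetical helper name, not an OpenSSH tool.
# Usage: install_pubkey <public-key-file> [home-directory]
install_pubkey() {
    pub=$1
    home=${2:-$HOME}
    ssh_dir=$home/.ssh
    auth=$ssh_dir/authorized_keys

    [ -r "$pub" ] || { echo "cannot read $pub" >&2; return 1; }

    # Structural check: exactly one line of the form
    # "ssh-ed25519 <base64> [comment]". This also rejects a private
    # key file passed by mistake instead of the .pub file.
    [ "$(grep -c '' "$pub")" -eq 1 ] ||
        { echo "$pub: expected exactly one line" >&2; return 1; }
    grep -Eq '^ssh-ed25519 [A-Za-z0-9+/]+={0,2}( .*)?$' "$pub" ||
        { echo "$pub: not an Ed25519 public key line" >&2; return 1; }
    key=$(cat "$pub")

    # ~/.ssh and authorized_keys must not be writable by group or others.
    mkdir -p "$ssh_dir" || return 1
    chmod 700 "$ssh_dir" || return 1
    [ -e "$auth" ] || ( umask 077; : > "$auth" ) || return 1
    chmod 600 "$auth" || return 1

    # Append only if this exact line is not already present.
    if grep -qxF -- "$key" "$auth"; then
        echo "key already present in $auth"
        return 0
    fi

    # If the last existing entry lacks a trailing newline, add one so
    # the new key does not get glued onto the previous line.
    if [ -s "$auth" ] && [ -n "$(tail -c 1 "$auth")" ]; then
        echo >> "$auth" || return 1
    fi
    printf '%s\n' "$key" >> "$auth" || return 1
    echo "key added to $auth"
}
```

On the remote computer, the equivalent of the command above is install_pubkey test.ed25519.pub.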
Open SSH connection with private key
To open an SSH connection with the generated private key, run the following on the local computer:
ssh -i test.ed25519 -p 22 user@example.com
The -i switch indicates the identity file (i.e. the private key) used for authentication. The -p switch indicates the port on which the SSH server on the remote computer listens.
Replace user with a real user on the remote computer, and replace example.com with the IP address or hostname of the remote computer.
If you provided a passphrase when generating the key pair, you need to enter the passphrase when connecting to the remote computer.