How to Set Up a Public Key

  • 8/12/2019 How to Set Up a Public Key

    In SSH and SSH2 for Unix, how do I set up public key authentication?

    Note: The information in this document assumes you are using OpenSSH on the local and remote systems (this is generally the case on the UITS central systems at Indiana University). If you are using a different SSH version, such as one available from Tectia, the process outlined below may not be correct.

    Public key authentication is an alternative security method to using passwords. To use public key authentication, you must generate both a public and a private key (i.e., a key pair). You store your public key on the remote hosts on which you have accounts. Your private key stays on the computer you use to connect to those remote hosts. This method allows you to log into those remote hosts, and transfer files to them, without using your account passwords.

    To set up public key authentication in SSH or SSH2 for Unix:

    On the computer you'll use to access the remote host, generate a key pair for the protocol you want to use:

    To create a key pair for SSH2, enter:

    ssh-keygen -t dsa

    To create a key pair for SSH, enter:

    ssh-keygen -t rsa1

    Note: For security reasons, UITS strongly recommends using SSH2 instead of SSH whenever possible.

    You will be prompted to supply a filename (for saving the key pair) and a password (for your private key). If you press Enter or Return through each of these prompts, the key generation program will assume:

    You want to use the default filename (e.g., id_dsa for SSH2).

    You do not want to password-protect your private key.

    Note: UITS strongly recommends using a password to protect your private key. If your private key is not password protected, another person can conceivably access your computer and then connect to your account on the remote host (where your public key is saved) without entering a password.

    The key generation program will create the key pair, including:

    A private key that has the filename you specified (e.g., filename) or the default filename (e.g., id_dsa)

    A public key that has the same filename with a .pub extension added (e.g., filename.pub or id_dsa.pub)

    Use SCP to copy your public key file (e.g., filename.pub) to your account on the remote host (e.g., dvader@deathstar.com). To do so, enter:

    scp ~/.ssh/filename.pub dvader@deathstar.com:

    Log into the remote host using your account username and password. If your account doesn't already contain a ~/.ssh/authorized_keys file, create one. To do so, use the following commands:

    mkdir -p ~/.ssh

    touch ~/.ssh/authorized_keys

    Note: If your account already has ~/.ssh/authorized_keys, executing these commands will not damage the existing directory or file.

    On the remote host, add your public key (e.g., filename.pub) to the ~/.ssh/authorized_keys file; at the command line, enter:

    cat ~/filename.pub >> ~/.ssh/authorized_keys

    You may now safely delete the public key file (e.g., filename.pub) from your account on the remote host. To do so, at the command prompt, enter:

    rm ~/filename.pub
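
The remote-host steps above (create ~/.ssh/authorized_keys, append the key), written as an added example that is not part of the original document: a shell function that also rejects a private key uploaded by mistake, sets owner-only permissions, and avoids duplicate entries. The names install_pubkey and demo_install, the optional home-directory argument, and the sample key line are assumptions made for this example.

```shell
# install_pubkey PUBFILE [HOME_DIR]  (hypothetical helper, added example)
# Does what the mkdir/touch/cat steps above do, and also: rejects a private
# key or a multi-line file, sets modes that pass sshd's StrictModes check,
# and skips a key that is already listed. Handles protocol 2 .pub lines only.
install_pubkey() (            # subshell body: umask and exit stay local
    pub=$1
    home=${2:-$HOME}
    auth=$home/.ssh/authorized_keys
    [ -r "$pub" ] || { echo "cannot read $pub" >&2; exit 2; }
    if grep -q 'PRIVATE KEY' "$pub"; then
        echo "$pub is a private key; it must stay on the local computer" >&2
        exit 3
    fi
    # A .pub file is one line: key type, base64 blob, optional comment.
    [ "$(grep -c . "$pub")" -eq 1 ] || { echo "$pub: expected one key line" >&2; exit 4; }
    key=$(grep . "$pub")
    case $key in
        ssh-*' '*|ecdsa-*' '*|sk-*' '*) ;;
        *) echo "$pub: unrecognized key type" >&2; exit 4 ;;
    esac
    umask 077
    mkdir -p "$home/.ssh" && touch "$auth" || exit 5
    chmod 700 "$home/.ssh" && chmod 600 "$auth" || exit 5
    # Append only when this exact line is not already present.
    grep -qxF -- "$key" "$auth" || printf '%s\n' "$key" >> "$auth"
)

# Constructed sample (not a real key): install it twice into a scratch home
# directory and print how many entries authorized_keys ends up with.
demo_install() {
    scratch=$(mktemp -d) || return 1
    printf 'ssh-dss AAAAB3NzaC1kc3MAAACBAPconstructedSampleBlobNotARealKey dvader@example\n' \
        > "$scratch/filename.pub"
    install_pubkey "$scratch/filename.pub" "$scratch/home" &&
    install_pubkey "$scratch/filename.pub" "$scratch/home" &&
    grep -c . "$scratch/home/.ssh/authorized_keys"
    rm -rf "$scratch"
}
```

On the remote host, `install_pubkey ~/filename.pub` stands in for the mkdir, touch and cat commands.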

    If you prefer to keep a copy of your .pub file (e.g., filename.pub) on the remote host, move it to the .ssh directory. To do so, at the command prompt, enter:

    4. When you log out, enter the command:

    kill $SSH_AGENT_PID

    To run this command automatically when you log out, place it in your .logout file (if you are using csh or tcsh) or your .bash_logout file (if you are using bash).

    Note: The versions of these programs for SSH2, ssh-agent and ssh-add , are the same as outlined above. To use them, follow the instructions above, replacing all occurrences of ssh-agent with ssh-agent , and ssh-add with ssh-add . The SSH2 versions will only work if both your computer and the remote host are running SSH2.