I am logged in on host "mac" as user "mausy" and want to remotely login on host "raspberry" as user "pi". But I don't want to have to enter my password every time. This is where SSH public keys come in handy.
(please note that all passwords and keys shown below are fictional)
NOTE: Make sure you have SSH installed on both hosts. SSH usually also comes with scp
which will be used also.
I will start by creating a public key on host "mac":
mausy@mac ~ $ ssh-keygen -t rsa
Generating public/private rsa key pair.
Enter file in which to save the key (/Users/mausy/.ssh/id_rsa):
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /Users/mausy/.ssh/id_rsa.
Your public key has been saved in /Users/mausy/.ssh/id_rsa.pub.
The key fingerprint is:
e2:70:80:5d:77:68:6c:ad:5a:14:c7:b2:5f:70:56:b7 mausy@mac
The key,s randomart image is:
+--[ RSA 2048]----+
| ..o=o .. .|
| o . .Bo+ o ..|
| . o + + + E |
| . + . |
| . ooS. . |
| +.. . |
| . |
| |
| |
+-----------------+
mausy@mac ~ $
Next, I make sure that the user "pi" has a .ssh
directory. If the directory already exists, this is no problem. Depending on the network configuration you are using, the hostname.domainname may either need to be raspberry
or raspberry.local
.
I've setup my own DNS-server and defined the local domain as lan
. Check what works for you. I use:
mausy@mac ~ $ ssh pi@raspberry.lan mkdir -p .ssh
pi@raspberry.local,s password:
mausy@mac ~ $
Now, copy the public key to the remote host:
mausy@mac ~ $ scp .ssh/id_rsa.pub pi@raspberry.local:/home/pi/.ssh/authorized_keys
pi@raspberry.local,s password:
id_rsa.pub 100% 395 0.4KB/s 00:00
mausy@mac ~ $
And finally, login on the remote server and discover that you don't need to enter your password.
mausy@mac ~ $ ssh pi@raspberry.lan
Linux raspberry 3.18.0-trunk-rpi #1 PREEMPT Debian 3.18.5-1~exp1+rpi16 (2015-03-28) armv6l
The programs included with the Debian GNU/Linux system are free software;
the exact distribution terms for each program are described in the
individual files in /usr/share/doc/*/copyright.
Debian GNU/Linux comes with ABSOLUTELY NO WARRANTY, to the extent
permitted by applicable law.
pi@raspberry ~ $
We do need to make a small modicifation though, for security reasons:
pi@raspberry ~ $ chmod 600 .ssh
If you have multiple remote hosts just copy the same public key to all of them as shown above.