1. Overview


In my engineering setup I have a lot of various physical machines, virtual machines, and servers. I tend to work mostly on my Mac laptop and access the other machines on my network remotely via SSH. This can lead to having to type passwords in quite often so I finally decided it was time to update my setup so that I can use my SSH keys to authenticate my connections from my laptop to my other machines.


There are a couple of reasons I decided to do this:


  • Enhanced security. If I am not having to type passwords regularly there is less chance of the passwords getting compromised.
  • Ease of use. It's just quicker if I can connect straight in without having to type a password.


So what do you need to do to be able to work this way? Well it's surprisingly simple to do, so simple I am wondering why I didn't get round to this years ago!


Here is the basic procedure:


  1. Create a local SSH key pair if you don't have them already.
  2. Update the remote server with your SSH public key.


Now we'll take a look at each of these steps to show you how to get things up and running. I'm running MacOS and Linux on my machines, both of which have built in SSH support. I'm not sure how this applies under a Windows environment as I have never tried to do this but the basic concepts should be the same.


2. Implementing SSH Authentication


2.1. Creating a local SSH key pair.


  1. Open a Terminal under MacOS or Linux.

  2. Use the ssh-keygen command to create your new SSH key pair.

    rachael$ ssh-keygen
    Generating public/private rsa key pair.
    Enter file in which to save the key (/home/<username>/.ssh/id_rsa):

    You can just press Enter at this point and let it put the keys in the default directory for your user login.

    Enter passphrase (empty for no passphrase):
    Enter same passphrase again:

    You'll now be asked to enter a passphrase. This is optional, it secures the SSH key pair and prevents them being used without entering the passphrase. This means you are required to type it in though so negating one of my reasons for using this method in the first place. In my system I chose not to use a passphrase. Somebody would have to gain unauthorised access to my laptop to be able to use the SSH keys to get into other machines on my network in any case and for me this is secure enough.

    Your identification has been saved in /home/<username>/.ssh/id_rsa.
    Your public key has been saved in /home/<username>/.ssh/id_rsa.pub.
    The key fingerprint is:
    SHA256:<fingerprint> <username>@<server>
    The keys randomart image is:
    +---[RSA 2048]----+
    |                 |
    |   <textimage>   |
    |                 |


2.2. Adding the SSH public key to the remote server.


  1. Open a terminal under MacOS or Linux (if not open from previous step).

  2. Use the ssh-copy-id command to add your SSH public key to the server.

    rachael% ssh-copy-id <username>@<server>
    /usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed: "/home/<username>/.ssh/id_rsa.pub"
    /usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s),to filter out any that are already installed
    /usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
    <username>@<server>'s password:
    Number of key(s) added:       1
    Now try logging into the machine, with:   "ssh '<username>@<server>'"
    and check to make sure only the key(s) you wanted were added.


2.3. Testing the new SSH Authentication.


  1. Open a terminal under MacOS or Linux (if not open from previous step).

  2. Attempt to log into the remote machine using the ssh command.

    rachael$ ssh <username>@<server>
    <username>@<server> ~ $

    If all worked you should find yourself logged into your remote machine and at the command prompt without having had to type in a password. If you were asked for your regular password then the above procedures failed to correctly create and install your SSH keys. If you entered a passphrase when generating your SSH keys then you'll be asked to enter the passphrase during login.

3. Conclusion


This guide shows how quick and easy it can be to set up shared key authentication to access other computers via SSH. It isn't comprehensive and covers only the basics I used for setting this up on my systems. Hopefully you may find this useful, please feel free to leave feedback in the comments and thanks for reading!