Nugget post: Lessons learned in SSH password-less login

There are plenty of guides on how to set up SSH login to a remote host without having to provide a password. The one I followed was:

http://www.cyberciti.biz/faq/ssh-password-less-login-with-dsa-publickey-authentication/

It essentially comes down to creating a pair of files on your local machine: your private key and your public key. The public key must be sent to the remote host and added to the “authorized_keys” file. Just a few points I wanted to add:

  1. “authorized_keys” on the remote server is a single file, with one key per line (it’s not a directory containing separate public key files).
  2. The ssh keys created (public and private) must have the exact permission of 600 (read/write for the owner only). If you have a permission of, say, 640, you’ll get an error that the permissions are too permissive.
  3. The ssh client usually allows you to specify the “-i” option, which specifies exactly which key file to use. Take care to point it to the private key, not the public key. Since the two keys usually have very similar filenames, this caused some confusion. In other words, you should use the id_rsa file, not the id_rsa.pub file.
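
The three points above can be checked before you ever run ssh. The script below is an added example, not taken from the linked guide; the function names and the placeholder file contents are made up for the illustration, and the sample files are constructed, not real keys.

```shell
#!/bin/sh
# Point 2: the key file mode must be exactly 600 (-rw-------).
mode_is_600() {
    [ "$(ls -ld "$1" 2>/dev/null | cut -c1-10)" = "-rw-------" ]
}

# Point 3: the file given to "ssh -i" must be the private key. A private key
# file starts with a "-----BEGIN ... PRIVATE KEY-----" header; a .pub file
# starts with the key type (for example "ssh-rsa").
is_private_key() {
    head -n 1 "$1" 2>/dev/null | grep -q -- '-----BEGIN .*PRIVATE KEY-----'
}

# Point 1: authorized_keys is one regular file with one key per line.
# Prints the number of key lines (blank and "#" lines are not keys).
count_authorized_keys() {
    [ -f "$1" ] || return 1
    grep -c -v -E '^[[:space:]]*(#|$)' "$1"
}

# Checks a file before it is passed to "ssh -i". Returns 2 for a public key
# (or anything that is not a private key) and 3 for a wrong mode.
check_identity_file() {
    if ! is_private_key "$1"; then
        echo "$1: not a private key (did you pass the .pub file?)" >&2; return 2
    fi
    if ! mode_is_600 "$1"; then
        echo "$1: mode is not 600" >&2; return 3
    fi
}

# Constructed sample files: placeholders only, no real key material.
make_sample_files() {
    printf '%s\n' '-----BEGIN OPENSSH PRIVATE KEY-----' \
        'CONSTRUCTED-PLACEHOLDER' \
        '-----END OPENSSH PRIVATE KEY-----' > "$1/id_rsa"
    printf '%s\n' 'ssh-rsa CONSTRUCTEDPLACEHOLDER user@laptop' > "$1/id_rsa.pub"
    printf '%s\n' '# constructed authorized_keys' \
        'ssh-rsa CONSTRUCTEDPLACEHOLDER1 user@laptop' \
        'ssh-rsa CONSTRUCTEDPLACEHOLDER2 user@desktop' > "$1/authorized_keys"
    chmod 600 "$1/id_rsa" "$1/id_rsa.pub" "$1/authorized_keys"
}

# Demo on the constructed files.
d=$(mktemp -d) && make_sample_files "$d"
check_identity_file "$d/id_rsa" && echo "id_rsa: ok for ssh -i"
check_identity_file "$d/id_rsa.pub" || echo "id_rsa.pub: rejected"
echo "authorized_keys holds $(count_authorized_keys "$d/authorized_keys") keys"
rm -rf "$d"
```

To check your own setup, call `check_identity_file` on the path you intend to give to “-i”.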