Nugget post: Lessons learned in SSH password-less login

There are plenty of guides on how to setup SSH login to a remote host without having to provide a password. The one I followed was:

http://www.cyberciti.biz/faq/ssh-password-less-login-with-dsa-publickey-authentication/

It essentially is just creating a pair of files on your local machine: your private key and your public key. The public key must be sent to the remote host and added to the “authorized_keys” file. Just a few points I wanted to add:

  1. “authorized_keys” on the remote server is a single file, with a key per line (it’s not a directory with different public key files)
  2. The ssh keys created (public and private) must have the exact permission of 600 (read/write only to owner). If you have a permission of say 640, you’ll get an error that the permissions are too permissive
  3. The ssh client usually allows you to specify the “-i” option, that specifies exactly which keyfile to use. Pay close attention to point it to the private key not the public key. Since the two keys usually have very similar filenames, this caused some confusion. In other words, you should use the id_rsa file, not the id_rsa.pub file