Using keys with SSH rather than passwords

Here is how to use private/public key pairs with SSH.

  • Change into your .ssh directory.

    $ cd ~/.ssh

  • Next make your key on your client using the following command:

    $ ssh-keygen -t dsa
    Generating public/private dsa key pair.
    Enter file in which to save the key (/home/test/.ssh/id_dsa): newkey
    Enter passphrase (empty for no passphrase):
    Enter same passphrase again:
    Your identification has been saved in newkey.
    Your public key has been saved in newkey.pub.
    The key fingerprint is:
    a0:00:a0:30:f0:10:60:e0:60:d0:70:70:e0:50:60:60 test@host

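This creates two files: newkey (the private key, which stays on the client) and newkey.pub (the public key). DSA keys have been disabled by default since OpenSSH 7.0, so on a current system choose a key type it still supports, such as Ed25519 or RSA.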

  • Now run the ssh agent with this command:

    $ eval `ssh-agent`
    Agent pid 6294

  • Then add your new key to the agent:

    $ ssh-add ~/.ssh/newkey
    Enter passphrase for /home/test/.ssh/newkey:
    Identity added: /home/test/.ssh/newkey (/home/test/.ssh/newkey)

  • Now you will need to put the new key on the remote host. Do this by other means as you can't SSH yet.

You will need to append the contents of newkey.pub to ~/.ssh/authorized_keys on the remote server. Make sure you do this in the correct user's home directory.

  • You should now be able to SSH to the remote host using a command like:

    $ ssh -l username remote.host.com

You should not be prompted for a password.
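The step that appends newkey.pub to ~/.ssh/authorized_keys is where key logins most often fail, usually because of loose permissions or a duplicated or wrong file. The following is an added example, not part of the original page: a shell function to run on the remote server as the target user. The function name `install_pubkey` and the sample key line are constructed for illustration.

```shell
#!/bin/sh
# Added example: run on the remote server as the user who will log in.
# Usage: install_pubkey PUBKEY_FILE [HOME_DIR]   (function name is hypothetical)
install_pubkey() (
    pub=$1
    home=${2:-$HOME}
    dir=$home/.ssh
    auth=$dir/authorized_keys

    [ -r "$pub" ] || { echo "cannot read $pub" >&2; exit 1; }
    # Guard against copying the private half (newkey) instead of newkey.pub.
    if grep -q 'PRIVATE KEY' "$pub"; then
        echo "$pub is a private key; refusing" >&2
        exit 1
    fi
    # A public key file holds exactly one line: type, base64 blob, comment.
    [ "$(grep -c . "$pub")" -eq 1 ] || { echo "$pub: expected one key line" >&2; exit 1; }
    key=$(grep . "$pub")

    umask 077                      # anything created here is owner-only
    mkdir -p "$dir"
    touch "$auth"
    # Append only when the identical line is not already present.
    grep -qxF -e "$key" "$auth" || printf '%s\n' "$key" >> "$auth"
    # With sshd's default StrictModes, a group- or world-writable
    # directory or file causes the key to be refused.
    chmod 700 "$dir"
    chmod 600 "$auth"
)

# Demonstration in a scratch directory with a constructed (not real) key line.
demo_home=$(mktemp -d)
printf '%s\n' 'ssh-dss AAAAB3NzaC1kc3MAAACBAconstructedExampleOnly test@host' \
    > "$demo_home/newkey.pub"
install_pubkey "$demo_home/newkey.pub" "$demo_home"
install_pubkey "$demo_home/newkey.pub" "$demo_home"   # second run adds nothing
wc -l < "$demo_home/.ssh/authorized_keys"
rm -rf "$demo_home"
```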

If you need to SSH from another terminal, you will need to set the following environment variables in the new terminal, using the values from the terminal where the agent was started:

$SSH_AGENT_PID
$SSH_AUTH_SOCK

Last updated: 22/12/2005