
Summary: 

This page provides instructions on how to set up public key authentication (PKA) or public key infrastructure (PKI) so that you can SSH to a remote host using a private/public key pair, also known as passwordless login. These instructions have been tested in the following scenarios:

  • macOS (local client) to RHEL (remote server)
  • RHEL (local client) to RHEL (remote server)

Generate a Public/Private Key Pair on the local client machine:

Open a Terminal window on your local machine and type the following:

ssh-keygen -b 4096 -t rsa

This will generate the public/private RSA key pair. You will be prompted for where to save the key; the default location (/Users/<username>/.ssh/) is fine, so you can just hit "Enter".
You will be prompted "Enter passphrase (empty for no passphrase)." If your goal is to SSH into machines without having to type in your password, leave this field blank and hit "Enter".
You will be prompted to enter the same passphrase again. Hit "Enter".

You will receive the following confirmation:
Your identification has been saved in ~/.ssh/id_rsa. This is the private key for your local machine. Guard this key by making sure only your account has access to it:

chmod 600 ~/.ssh/id_rsa


Your public key has been saved in ~/.ssh/id_rsa.pub

Transfer the Public Key to Remote Server

You now need to copy your public key to the machines that you want to SSH to. You must copy the public key to each remote machine.

  1. SSH to the remote machine: 

    ssh <username>@<remotemachine>
  2. Then confirm the remote machine has a ".ssh" folder in your account's home directory: 

    ls -la ~
  3. If it does not, create the .ssh folder: 

    mkdir ~/.ssh
  4. Now copy your local public key to the .ssh folder in your home directory on the remote server (run this from a terminal on the local machine). Repeat for each account:

    scp ~/.ssh/id_rsa.pub <username>@<remotemachine>:~/.ssh/<localmachinename>.pub

    where <localmachinename> will help identify the source of the public key. 

  5. Add the <localmachinename>.pub file you just copied over to a file named "authorized_keys": 

    cat ~/.ssh/<localmachinename>.pub >> ~/.ssh/authorized_keys
  6. Make sure that directory and its files are only accessible by your account:

    chmod 700 ~/.ssh
    chmod go-rwx ~/.ssh/*
  7. Back on the local machine, test SSH:

    ssh <username>@<remotemachine>

    which should result in a login without a password. 

  8. Repeat for every remote machine that does not have a centralized network home directory.
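
The remote-side steps 3, 5 and 6 above can be combined into one function that is safe to re-run, shown here as an added example that is not part of the original page. The function names `install_pubkey` and `ssh_perms_ok` and the optional directory argument are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: remote-side steps 3, 5 and 6 as one idempotent function.
# install_pubkey PUBFILE [SSH_DIR]
#   PUBFILE  the copied <localmachinename>.pub file
#   SSH_DIR  defaults to ~/.ssh (hypothetical parameter, added so it can be tested)
install_pubkey() {
    pub=$1
    dir=${2:-"$HOME/.ssh"}
    auth="$dir/authorized_keys"

    [ -s "$pub" ] || { echo "no public key at $pub" >&2; return 1; }
    # Refuse a private key that was copied over by mistake.
    if grep -q 'PRIVATE KEY' "$pub"; then
        echo "$pub looks like a private key; refusing" >&2
        return 1
    fi

    mkdir -p "$dir" && chmod 700 "$dir" || return 1   # steps 3 and 6
    touch "$auth" || return 1
    # Step 5, but append a key only if that exact line is not already
    # present, so repeated runs do not pile up duplicate entries.
    while IFS= read -r line || [ -n "$line" ]; do
        [ -n "$line" ] || continue
        grep -qxF -- "$line" "$auth" || printf '%s\n' "$line" >> "$auth"
    done < "$pub"
    chmod go-rwx "$dir"/*                             # step 6
}

# ssh_perms_ok [SSH_DIR]
# Succeeds only if the directory and every file in it carry no group or
# other permission bits, i.e. the state step 6 is meant to produce.
ssh_perms_ok() {
    dir=${1:-"$HOME/.ssh"}
    for f in "$dir" "$dir"/*; do
        [ -e "$f" ] || continue
        # Characters 5-10 of the ls mode string are the group/other bits.
        bits=$(ls -ld "$f" | cut -c5-10)
        [ "$bits" = "------" ] || { echo "too open: $f" >&2; return 1; }
    done
}
```

With StrictModes enabled in sshd_config (the OpenSSH default), sshd refuses public key login when ~/.ssh or authorized_keys is writable by group or others, so running `ssh_perms_ok` is a quick first check when the login in step 7 still asks for a password.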