SSH Public key based authentication
Wednesday, 07 March 2007

Here is a mini Howto about configuring your SSH service to work with Public Keys Based Authentication.

So, you have a BSD Workstation and you want to connect via SSH to a BSD Server using Public Keys Based Authentication.

Step 1. Log in to your BSD Workstation to create your Private/Public Keys.

# ssh-keygen -t rsa

You will be prompted to enter the file in which to save the key (/home/user/.ssh/id_rsa).
Then you will be prompted to enter a passphrase. You can also choose not to add a passphrase, in which case you press Enter.

Your identification has been saved in /home/user/.ssh/id_rsa.
Your public key has been saved in /home/user/.ssh/id_rsa.pub.

Step 2. Copy your public key (id_rsa.pub) to your BSD Server using scp

# scp /home/user/.ssh/id_rsa.pub user@server:~/.ssh/authorized_keys2

(user@server stands for your account name and the hostname of your BSD Server)

If you need to connect to your server from multiple BSD workstations, you must generate Private/Public Keys on each workstation, then append the content of the id_rsa.pub file from every workstation to the authorized_keys2 file on your server.


a) Change passphrase on your workstation:

# ssh-keygen -p

b) Manage your passphrase with ssh-agent, so that you do not have to type the passphrase at every SSH authentication.

On your workstation type:
# ssh-agent $BASH
# ssh-add

Then type your passphrase. From now on, you will not be prompted to enter a password.

c) List keys
# ssh-add -l

d) Delete a key
# ssh-add -d key

(-D to delete all keys)

Your sshd config file should contain:

RSAAuthentication yes
PubkeyAuthentication yes

AuthorizedKeysFile      .ssh/authorized_keys2

For this to work properly, the permissions on authorized_keys2 should be 600.
The default authorized keys file is .ssh/authorized_keys.
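
The append step for several workstations and the 600 permission requirement can be handled by one helper run on the server, after a workstation's id_rsa.pub has been copied there under a temporary name. This is an added example, not part of the original howto; the function name add_pubkey, the format check and the sample key string are assumptions constructed for illustration.

```shell
#!/bin/sh
# add_pubkey PUBFILE [AUTHFILE]   (hypothetical helper, added example)
# Appends the key in PUBFILE to AUTHFILE unless that exact line is already
# present, then enforces mode 700 on the directory and 600 on the file.
# The body runs in a subshell so the umask change does not leak out.
add_pubkey() (
    pub=$1
    auth=${2:-$HOME/.ssh/authorized_keys2}
    dir=$(dirname "$auth")
    re='^(ssh-(rsa|dss|ed25519)|ecdsa-sha2-[a-z0-9-]+) [A-Za-z0-9+/=]+( .*)?$'

    # Accept only a file holding exactly one public key line. A private key
    # copied by mistake starts with "-----BEGIN" and is rejected here.
    if [ ! -r "$pub" ] || [ "$(grep -c '' "$pub")" -ne 1 ] || ! grep -Eq "$re" "$pub"; then
        echo "add_pubkey: $pub is not a single public key line" >&2
        return 1
    fi
    key=$(cat "$pub")

    umask 077
    mkdir -p "$dir" && chmod 700 "$dir" || return 1
    touch "$auth" || return 1

    # -x matches the whole line, -F treats the key as a fixed string:
    # a key that is already installed is not appended a second time.
    grep -qxF -- "$key" "$auth" || printf '%s\n' "$key" >> "$auth"
    chmod 600 "$auth"
)

# Demo on constructed data in a scratch directory (not a real key).
demo=$(mktemp -d)
echo 'ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCconstructed user@ws1' > "$demo/ws1.pub"
add_pubkey "$demo/ws1.pub" "$demo/.ssh/authorized_keys2"
add_pubkey "$demo/ws1.pub" "$demo/.ssh/authorized_keys2"   # second call is a no-op
ls -l "$demo/.ssh/authorized_keys2"
rm -rf "$demo"
```

Unlike the scp command in Step 2, which replaces authorized_keys2 with the copied file, this keeps the keys that are already installed.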

Last Updated ( Monday, 06 June 2011 )
