SSH Public Keys Based Authentication Quick Guide
Tuesday, 07 June 2011

Here is a mini Howto about configuring your SSH service to work with Public Keys Based Authentication.

So, you have a BSD Workstation and you want to connect via SSH to a BSD Server using Public Keys Based Authentication.

Step 1. Login to your BSD Workstation to create your Private/Public Keys.

# ssh-keygen -t rsa

You will be prompted to enter the file in which to save the key (/home/user/.ssh/id_rsa).
Then you will be prompted to enter a passphrase. You can also choose not to add a passphrase, in which case you press Enter.

Your identification has been saved in /home/user/.ssh/id_rsa.
Your public key has been saved in /home/user/.ssh/id_rsa.pub.

Step 2. Copy your public key (id_rsa.pub) to your BSD Server using scp

# scp /home/user/.ssh/id_rsa.pub user@domain:~/.ssh/authorized_keys2

If you need to connect to your server from multiple BSD workstations, you must generate Private/Public Keys on each workstation, then append the content of the id_rsa.pub file from every workstation to the authorized_keys2 file on your server.


a) Change passphrase on your workstation:

# ssh-keygen -p

The previous command can also be used to remove the passphrase from an SSH private key, so that you will not need to enter a passphrase when the key is used. To do that, leave the new passphrase empty when you are prompted for it (after issuing the ssh-keygen -p command).

b) Manage your passphrase with ssh-agent, so that you do not have to enter the passphrase at every SSH authentication.

On your workstation type:
# ssh-agent $BASH
# ssh-add

Then type your passphrase. From now on, you will not be prompted to enter a password.

c) List keys
# ssh-add -l

d) Delete a key
# ssh-add -d key

(-D to delete all keys)

e) If you want to use a particular private key (instead of the standard id_rsa file in the .ssh directory of your home) when you connect via ssh from a client, use the -i option:

  ssh -i /home/john/.ssh/another_key user@domain


Your sshd config file should contain:

RSAAuthentication yes
PubkeyAuthentication yes

AuthorizedKeysFile      .ssh/authorized_keys2

For this to work properly, the permissions on authorized_keys2 should be 600.
The default authorized keys file is .ssh/authorized_keys.
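
The scp in Step 2 replaces whatever is already in authorized_keys2, while the multi-workstation case needs an append. The following is an added example, not part of the original guide: a shell function with the hypothetical name install_pubkey, meant to be run on the server, that appends a key only if it is not already present and applies the 600 permission mentioned above.

```shell
#!/bin/sh
# Added example (not from the original guide); install_pubkey is a hypothetical name.
# Usage: install_pubkey PUBKEY_FILE AUTH_KEYS_FILE
#   e.g. install_pubkey /tmp/id_rsa.pub "$HOME/.ssh/authorized_keys2"
install_pubkey() {
    pub_file=$1
    auth_file=$2
    key_line=

    # A .pub file holds one line: "<type> <base64-blob> [comment]"
    IFS= read -r key_line < "$pub_file" || [ -n "$key_line" ] || return 1
    key_type=${key_line%% *}
    rest=${key_line#* }
    key_blob=${rest%% *}

    # Refuse anything that is not a public key line; this also stops a
    # private key file (id_rsa) from being installed by mistake.
    case $key_type in
        ssh-rsa|ssh-ed25519|ecdsa-sha2-*) ;;
        *) echo "not a public key: $pub_file" >&2; return 1 ;;
    esac
    [ -n "$key_blob" ] && [ "$key_blob" != "$key_type" ] || return 1

    # The .ssh directory must exist and be accessible to its owner only
    auth_dir=$(dirname -- "$auth_file")
    mkdir -p -- "$auth_dir" && chmod 700 -- "$auth_dir" || return 1

    # Append (never overwrite), and only if this key is not yet authorized
    touch -- "$auth_file" || return 1
    if ! grep -qF -- "$key_blob" "$auth_file"; then
        printf '%s\n' "$key_line" >> "$auth_file" || return 1
    fi

    # sshd's StrictModes check refuses key files that group or others can write
    chmod 600 -- "$auth_file"
}
```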

Last Updated ( Thursday, 11 April 2013 )