I've already written about howto log in, on your local system, and make passwordless ssh connections using ssh-keygen command. However, you cannot just follow these instructions over and over again, as you will overwrite the previous keys.
It is also possible to upload multiple public keys to your remote server, allowing one or more users to log in without a password from different computers.
Step # 1: Generate first ssh key
Type the following command to generate your first public and private key on a local workstation. Next provide the required input or accept the defaults. Please do not change the filename and directory location.
workstation#1 $ ssh-keygen -t rsa
Finally, copy your public key to your remote server using scp
workstation#1 $ scp ~/.ssh/id_rsa.pub user@remote.server.com:.ssh/authorized_keys
Step # 2: Generate next/multiple ssh key
a) Login to 2nd workstation
b) Download original the authorized_keys file from remote server using scp:
workstation#2 $ scp user@remote.server.com:.ssh/authorized_keys ~/.ssh
c) Now create the new pub/private key:
workstation#2 $ ssh-keygen -t rsa
d) Now you have new public key. APPEND this key to the downloaded authorized_keys file using cat command:
workstation#2 $ cat ~/.ssh/id_rsa.pub >> ~/.ssh/authorized_keys
e) Finally upload authorized_keys to remote server again:
workstation#2 $ scp ~/.ssh/authorized_keys user@remote.server.com:.ssh/
You can repeat step #2 for each user or workstations for remote server.
Step #3: Test your setup
Now try to login from Workstation #1, #2 and so on to remote server. You should not be asked for a password:
workstation#1 $ ssh user@remote.server.com
workstation#2 $ ssh user@remote.server.com
Updated for accuracy.
Featured Articles:
- 20 Linux System Monitoring Tools Every SysAdmin Should Know
- 20 Linux Server Hardening Security Tips
- Linux: 20 Iptables Examples For New SysAdmins
- My 10 UNIX Command Line Mistakes
- 25 PHP Security Best Practices For Sys Admins
- The Novice Guide To Buying A Linux Laptop
- Top 5 Email Client For Linux, Mac OS X, and Windows Users
- Top 20 OpenSSH Server Best Security Practices
- Top 10 Open Source Web-Based Project Management Software
Facebook it - Tweet it - Print it -
We're here to help you make the most of sysadmin work. So, subscribe!
{ 11 comments… read them below or add one }
Sir
After creation of key in pc-1 (id_rsa.pub) copy to pc-2 as authorized_keys but I am not able to ssh username@pc-2, against it is now asking password.
Kindly help
Dillip Dhala
dkdhal1@gmail.com
@Dillip
It might be that you are using SSLv2 in which case you have to copy/append the key to authorized_keys2
Good tutorial…..
I do something like this:
cat .ssh/id_rsa.pub | ssh user@server “cat >> .ssh/authorized_keys”
e) Should be like
workstation#2 $ scp ~/.ssh/authorized_keys user@remote.server.com:.ssh/
instead of
workstation#2 $ scp ~/.ssh/id_rsa.pub user@remote.server.com:.ssh/authorized_keys
(this ruins the whole idea)
:)
Mikko,
thanks for the heads up!
Can i know why need to append own public key to own authorized_keys?
i thought own public key is used for others?
web1 id_rsa.pub append to web2 authorized_keys (correct)
web2 id_rsa.pub append to web1 authorized_keys (correct)
web2 id_rsa.pub append to web2 authorized_keys (doubt)
if you have trouble login to your server, check if /etc/ssh/sshd_config contains
Protocol 2.PubkeyAuthentication yes
Thanks. We have added this to our intranet wiki, just for future ;)
Check out the ssh-copy-id command. It will take care of appending your public key onto the remote system.
Hi folks,
Currently,for instance, many servers can do passwordless ssh to SERVER A
Now,we are migrating all the stuff from Server A to Server B.
all those servers which were connecting to Server A,now need to connect to Server B.
Can i copy over the authorized_keys file from A to B ,so all those servers can connect to server B passwordlessly.
The idea is to avoid all those servers keys addition to server B /etc/ssh/auth_keys/ file.
Does it matter if platform(solaris to linux,vice versa)is different?
2nd case:
Server A connects to other servers using ssh which is passwordless. ServerA will be replaced by server B.
do i need to send Servers’ B pub key to all those other servers have them add serverB pub key in their authorized key file?
Or to avoid this, can i just copy over the pub key pair from server A to Server B,so other servers wont have to make any change on their side.