It is possible to use SSH keys instead of a password for logins. That can be useful to avoid having to enter your password for every login (if a blank passphrase is used with the key), or for automated logins for maintenance scripts. Using SSH keys can also be more secure than permitting password-based logins, as a key is far harder to guess than a password and is not susceptible to ordinary brute-force attempts.
The steps to set up an SSH key will vary depending on what software is in use on your client system. For systems based on Unix / Linux that use the "ssh" command-line client, the following steps can generally be used:
1. Create .ssh directory
If you don't already have a .ssh directory in your home directory, that can be created with:
The permissions on that should be set so that only your account can access it:
chmod 700 ~/.ssh
2. Generate SSH key
Once the .ssh directory is in place, a key can be generated by running:
ssh-keygen -t rsa
You will be prompted for the location to store the new key file; you can hit enter to accept the default location. Next, you will be prompted for a passphrase. If you want the SSH key for passwordless logins, leave that field blank. Otherwise, enter the desired passphrase at the prompt, and then re-enter it to confirm. The system will then generate the new SSH key and print its location.
3. Host public copy of SSH key
Now that you have the SSH key generated, the public copy of that needs to be placed on the system you wish to log into. The "ssh-copy-id" command can be used to simplify that. The syntax for that is:
For the above, please replace USERNAME with the username on the remote system, and SERVER with the hostname or IP address of that system.
If this is the first time this system has connected to the server, the server fingerprint will be displayed, and you will be asked whether you wish to continue connecting. The proper fingerprint of the server is displayed in the Account Control Center when the system is launched, so that can be used to verify that the connection isn't being hijacked. Assuming the fingerprint matches, enter yes to continue.
When prompted for a password, enter the password for the user you are logging in as on the remote server. If the copy was successful, the number of keys copied over will then be displayed.
You can now try connecting via SSH to the remote server:
If your local system does not have ssh-copy-id, you can upload the public key file to the server and append its contents to the ~/.ssh/authorized_keys file.
Using Putty for SSH on Windows
If you are connecting from a Microsoft Windows-based system, you will need to obtain an SSH client program if you do not already have one. One free SSH program for Windows is PuTTY:
The putty.exe file is the client program. For SSH key generation, you'll also want puttygen.exe. The new SSH key can then be created as follows:
- After downloading, launch the "puttygen.exe" program.
- Select "SSH2 RSA" for the "parameters" section if not already selected
- Click "Generate"
- Move your mouse around the progress bar to randomize the key
- Enter the desired passphrase into the "Key passphrase:" box (leave blank for passwordless logins)
- Confirm the passphrase into the "Confirm passphrase:" box
- Select "Save private key" and select path to save to
- Select "Save public key" and select path to save to
The public key can then be uploaded and appended to the ~/.ssh/authorized_keys file.
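The manual append step, which applies both when ssh-copy-id is missing and when the key came from PuTTYgen, as an added example that is not part of the original page: a POSIX shell function to run on the server after uploading the public key file. The function name install_pubkey is hypothetical; it rejects private keys and the multi-line RFC 4716 file that PuTTYgen's "Save public key" writes, which sshd will not accept in authorized_keys.

```shell
#!/bin/sh
# Added example (not from the original page): append a public key to
# authorized_keys by hand when ssh-copy-id is unavailable.
# Usage: install_pubkey PUBKEY_FILE [HOME_DIR]   (hypothetical helper name)
install_pubkey() {
    pub=$1
    dir=${2:-$HOME}/.ssh
    auth=$dir/authorized_keys

    [ -r "$pub" ] || { echo "cannot read $pub" >&2; return 1; }

    # Never place a private key on the server (e.g. id_rsa instead of id_rsa.pub).
    if grep -q 'PRIVATE KEY' "$pub"; then
        echo "$pub is a private key; refusing" >&2
        return 2
    fi

    # Take the first line and strip the CR a Windows editor may have added.
    key=$(head -n 1 "$pub" | tr -d '\r')

    # authorized_keys needs the one-line OpenSSH form "<type> <base64> [comment]".
    # PuTTYgen's "Save public key" writes the multi-line RFC 4716 form instead;
    # "ssh-keygen -i -f FILE" converts that to the one-line form.
    case $key in
        ssh-rsa\ *|ssh-ed25519\ *|ecdsa-sha2-*\ *) ;;
        *) echo "$pub is not a one-line OpenSSH public key" >&2; return 3 ;;
    esac

    # sshd's default StrictModes check refuses key logins when these are
    # writable by other accounts, so set the modes explicitly.
    mkdir -p "$dir" && chmod 700 "$dir" || return 1
    touch "$auth" && chmod 600 "$auth" || return 1

    # Append only when this exact line is absent, so re-running is harmless.
    if ! grep -qxF -- "$key" "$auth"; then
        # Guard against a last line with no newline, which would merge two keys.
        if [ -s "$auth" ] && [ -n "$(tail -c 1 "$auth")" ]; then echo >> "$auth"; fi
        printf '%s\n' "$key" >> "$auth"
    fi
}
```

Call it as `install_pubkey uploaded_key.pub` on the server; a return code of 3 for a PuTTYgen file means it needs converting first.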
In PuTTY, to connect with the key, select "SSH" under "Category" on the left-hand side of the screen, then select the "Auth" tab. Click the "Browse" button next to the "Private key file for authentication" field. Browse to the location of the private key created above. Once selected, you can click on "Session" and then save the session to keep that choice in PuTTY. The next time you log into the server, the key should then be used.
For further information on using SSH keys with Ubuntu, please see:
For CentOS, please see section #7 of the following tutorial: