Setting up Keyed SSH Connections

These are notes for creating a one-way connection. For our purposes, the machine you are connecting from is referred to as the “local” machine, and the machine you are connecting to is referred to as the “remote” machine.

These steps work fine even if the usernames on the “local” and “remote” machines are different.

Generate keys on local

  1. Change to the ~/.ssh directory on the “local” machine
  2. Run ssh-keygen -t dsa once
  3. This should make two files, a public key id_dsa.pub and a private key id_dsa.
  4. Then make a copy of the public key with the “local” hostname, for example:

    $ cp id_dsa.pub dev.id_dsa.pub
    

Move public key to remote

  1. Copy the “local” public key to the “remote” ~/.ssh directory, one way or another. For example:

    $ scp dev.id_dsa.pub nstilwell@test:~/.ssh
    
  2. Now you see why we renamed the key? So as not to overwrite the “remote” machine’s public key, so we don’t get confused ;) I am unsure how important this is.

Make/update authorized_keys2 on remote

Append the public key from “local” to the end of ~/.ssh/authorized_keys2 on “remote”. For example:

    $ cat dev.id_dsa.pub >> authorized_keys2

Set permissions

  1. The ~/.ssh directories on both machines should be available (drwxr-xr-x):

    $ chmod 755 ~/.ssh
    
  2. Private keys and the authorized_keys2 file need to be private (-rw-------):

    "local"   ->  $ chmod 600 ~/.ssh/id_dsa
    "remote"  ->  $ chmod 600 ~/.ssh/authorized_keys2
    
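
The append and permission steps above, combined into one helper that can be re-run without duplicating the key. This is an added example, not part of the original notes; the function names, the scratch directory and the sample key line are constructed for illustration.

```shell
# Added example (not from the original notes). Helper names are hypothetical.

# Print the ls-style mode string, e.g. drwxr-xr-x or -rw-------
mode_of() { ls -ld -- "$1" | cut -c1-10; }

# install_pubkey PUBKEY_FILE SSH_DIR [AUTH_FILE_NAME]
# Appends each key line to SSH_DIR/AUTH_FILE_NAME unless that exact line is present.
install_pubkey() {
    pub=$1 dir=$2 auth=$2/${3:-authorized_keys2}
    [ -s "$pub" ] || { echo "missing or empty key file: $pub" >&2; return 1; }
    # Guard against copying the private half of the pair by mistake.
    if grep -q 'PRIVATE KEY' "$pub"; then
        echo "refusing: $pub looks like a private key" >&2; return 1
    fi
    mkdir -p "$dir" && chmod 755 "$dir" || return 1
    touch "$auth" && chmod 600 "$auth" || return 1
    while IFS= read -r line || [ -n "$line" ]; do
        [ -n "$line" ] || continue
        grep -qxF -e "$line" "$auth" || printf '%s\n' "$line" >> "$auth"
    done < "$pub"
}

# check_modes SSH_DIR AUTH_FILE
# Succeeds only when both have the modes listed under "Set permissions".
check_modes() {
    [ "$(mode_of "$1")" = "drwxr-xr-x" ] && [ "$(mode_of "$2")" = "-rw-------" ]
}

# Demo in a scratch directory; the key line is constructed, not a real key.
demo() {
    tmp=$(mktemp -d) || return 1
    printf '%s\n' 'ssh-dss AAAAB3CONSTRUCTEDSAMPLEKEY nstilwell@dev' > "$tmp/dev.id_dsa.pub"
    # The second install is a no-op because the line is already present.
    install_pubkey "$tmp/dev.id_dsa.pub" "$tmp/remote_ssh" &&
    install_pubkey "$tmp/dev.id_dsa.pub" "$tmp/remote_ssh" &&
    check_modes "$tmp/remote_ssh" "$tmp/remote_ssh/authorized_keys2" &&
    grep -c '' "$tmp/remote_ssh/authorized_keys2"
    rc=$?; rm -rf "$tmp"; return $rc
}

demo   # prints 1: one key line after two installs
```

On the “remote” machine the equivalent call would be `install_pubkey ~/.ssh/dev.id_dsa.pub ~/.ssh`.
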

Copyright © 2018 Nathan Stilwell

All source code is published under MIT. All other content, including images and text, is licensed under CC BY-SA.