Set up your client
Generate your key.
Configure ssh to use the key.
Your config file should have something similar to the following:
Host SERVERNAME Hostname ip-or-domain-of-server User USERNAME PubKeyAuthentication yes IdentityFile ./path/to/key
You can add
IdentitiesOnly yesto ensure
sshuses the specified
IdentityFileand no other keyfiles during authentication. Setting
IdentitiesOnlyprevents failed authentications from occurring, when
sshwould otherwise attempt to login with multiple keys. Setting this is also considered more secure, as you're not leaking information about other keys you have installed, and maintaining separation of your keys between different levels of access.
Copy your key to your server.
ssh-copy-id -i /path/to/key.pub SERVERNAME`
ssh-copy-id -i ~/.ssh/id_res.pub -p 22 [email protected]
use "-vvv" option
Make sure the server has your PUBLIC key (.pub).
Make sure your IdentiyFile points to your PRIVATE key.
Make sure your
directory has 700 and the files within are 600 permissions.
ssh-keygenwill create files and directories for you with the proper permissions
tail -f /var/log/auth.log(on the server) and monitor errors when you attempt to login
If you have many key files, try
IdentitiesOnly yesto limit the authentication to use the single, specified key.
20.6k77 gold badges4444 silver badges7171 bronze badges
answered Jun 23, 2013 at 21:04
11.1k11 gold badge3636 silver badges6060 bronze badges
FYI, I created a small script at github.com/centic9/generate-and-send-ssh-key which runs the necessary steps in one go and additionally ensures all the file/directory permissions which always caused me headaches…
Just to elaborate step 2: the
IdentityFileline in ~/.ssh/config must point to the PRIVATE key.
I wonder why you'd want to set files to have execute permission in step 4?
It's also very important right permissions per user (use chown and chmod) otherwise you will get an authentication denied even if you server has your public key.
Why does every question like this contain an answer that tells you to start by generating the key using
ssh-keygen? OP already said he has a public and private key.
Posterity and completeness is why.
While the directory requires 700 permissions, the files do not, they should be 600.
tail -f /var/log/auth.loggave the required info for me
authorized_keysis the default and all you need under most circumstances.