Install SSH key

Part 2

Posted by Stefan Kecskes on Monday, June 22, 2015

In previous post (Part 1) I showed you how to create the SSH key pair. Today we are going to install the public key on server, that we want to use. The point of installing the Public key is to get to the target server, locate the authorized_keys file (usually in home directory inside .ssh folder) and add our public key to this file. There may be other public keys, and we shouldn’t overwrite them with our key, but to append our key at the end of file. There are many ways how you can install the public key, so I will show you few of them. Don’t learn this on production server. You may cause some error or cause that nobody will be able to SSH into the server. 5 out of 5 Linux Gurus recommend to learn this on your virtual box or some testing machine

Installing SSH key

1a. Using ssh-copy-id

You can copy the public key into new machine’s authorized_keys file using the ssh-copy-id command:

    ssh-copy-id user@

Please replace the user with the username on that server and replace the with the ip address of the server. Alternatively you can use the hostname of server, for example: ssh-copy-id

1b. Using SSH

As a linux newbie you can do following 4 commands:

    cat ~/.ssh/
    ssh user@ 
    mkdir -p ~/.ssh
    cat >>  ~/.ssh/authorized_keys

Explanation of the above code:

  • we will copy our public key called id_rsa into clipboard
  • then we will login with SSH to target server
  • then we make sure the .ssh folder in home directory exist by creating it
  • and finally we paste the clipboard (containing our public key) into authorized_keys file

Linux Gurus would do the same as above, but in one line:

    cat ~/.ssh/ | ssh user@ "mkdir -p ~/.ssh && cat >>  ~/.ssh/authorized_keys"

2. Installing public SSH key

Doesn’t matter if you go newbie or pro, you should see something like:

    The authenticity of host ' (' can't be established.
    RSA key fingerprint is b1:2d:33:67:ce:35:4d:5f:f3:a8:cd:c0:c4:48:86:12.
    Are you sure you want to continue connecting (yes/no)? yes
    Warning: Permanently added '' (RSA) to the list of known hosts.
    user@'s password: 

Enter the password of the user on the server, and the public key is installed in server.

3. Checking the public SSH key installation

Now, you can login to the server simply as:

    ssh user@

or upload any file to server through SSH:

    scp /home/stefan/Doccuments/index.php user@

To check that the authorized_keys file contains your public key or any other public keys you can output all authorized keys on the server with:

    cat ~/.ssh/authorized_keys

4. Additional SSH settings

Let’s check what is set in ssh configuration. The configuration file can slightly vary in filenames. For example ubuntu has ssh_config and CentOS has sshd_config. Open it using nano editor and using sudo as this config file is system protected:

    sudo nano /etc/ssh/ssh_config

Let’s say that you now have your ssh key set up and your public key is installed in server. You want to limit access only to users with installed SSH key and turn off the authentication using password. To do that, find line with PasswordAuthentication, uncomment it by removing # on the beginning of the line and change the value to no. The line should look like this:

    PasswordAuthentication no

If you are using CentOS, try to find PermitRootLogin and set it to PermitRootLogin without-password Save the file and to put the changes to effect type into terminal:

    reload ssh

That is all for today. We learned how to add our public key to server so that server can cryptographically authenticate us and we also learned how to disable loging into server using passwords.