
Summary: 

This page provides instructions on how to set up public key authentication (PKA), or public key infrastructure (PKI), to allow SSH to a remote host using a private/public key pair. These instructions have been tested in the following scenarios:

  • macOS (host) to RHEL (remote)
  • RHEL (host) to RHEL (remote)



Generate a Public/Private Key Pair:

Open a Terminal window on your host machine and type the following:

ssh-keygen -b 4096 -t rsa

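This will generate the public/private RSA key pair. You will be prompted on where to save the key; the default location (/Users/<username>/.ssh/id_rsa on macOS, /home/<username>/.ssh/id_rsa on RHEL) is fine, so you can just hit "Enter".
You will be prompted "Enter passphrase (empty for no passphrase)." If your goal is to SSH into machines without having to type in your password, leave this field blank and hit "Enter". A key with no passphrase is stored unencrypted, so anyone who can read the id_rsa file can log in as you on every machine that trusts it; setting a passphrase and loading the key into ssh-agent also avoids repeated prompts.
You will be prompted to enter the same passphrase again. Hit "Enter".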

You will receive the following confirmation:
Your identification has been saved in /Users/(username)/.ssh/id_rsa.

Your public key has been saved in /Users/(username)/.ssh/id_rsa.pub.

Transfer the Public Key to Remote Machines

You now need to copy your public key to the machines that you want to SSH to. You must copy the public key to each remote machine.

  1. SSH to the remote machine: 

    ssh <username>@<remotemachine>
  2. Then confirm the remote machine has a ".ssh" folder in your account's home directory: 

    ls -la ~
  3. If it does not, create the .ssh folder: 

    mkdir ./.ssh
  4. Make sure that directory is accessible only to your account: 

    chmod 700 ./.ssh
  5. Now copy your public key to the remote machine, from the machine you created the keys on: 

    scp .ssh/id_rsa.pub <username>@<remotemachine>:~/.ssh/<hostmachinename>.pub

    where <hostmachinename> will help identify the source of the public key. 

  6. Now SSH into the remote machine you have copied the file to, and cd to the .ssh directory in your home directory: 

    cd .ssh
  7. You'll see the <hostmachinename>.pub file you just copied over. Add its contents to a file named "authorized_keys": 

    cat <hostmachinename>.pub >> authorized_keys
  8. Back on the host machine, test SSH:

    ssh <username>@<remotemachine>

    which should result in a login without a password. 

  9. Repeat for every remote machine. 
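
Steps 3, 4 and 7 on the remote machine, as an added example that is not part of the original page: the function creates the .ssh directory with mode 700, appends the key only if it is not already listed, and sets authorized_keys to mode 600, since sshd's default StrictModes check rejects a .ssh directory or authorized_keys file that other users can write to. The name install_pubkey and its arguments are assumptions for this example.

```shell
# Added example: idempotent remote-side key install (hypothetical helper).
# Usage on the remote machine: install_pubkey ~/.ssh/<hostmachinename>.pub
# Returns 0 on success, 1 on I/O error, 2 if the file is not one public key.
install_pubkey() {
    local pub="$1" dir="${2:-$HOME/.ssh}" auth key
    [ -r "$pub" ] || return 1

    # Never accept a private key copied over by mistake (id_rsa vs id_rsa.pub).
    if grep -q 'PRIVATE KEY' "$pub"; then return 2; fi

    # A .pub file is exactly one line: "<type> <base64> [comment]".
    [ "$(grep -c . "$pub")" -eq 1 ] || return 2
    key="$(grep . "$pub")"
    case "$key" in
        # Common key types only; extend the list if you use others.
        ssh-rsa\ *|ssh-ed25519\ *|ecdsa-sha2-*\ *) ;;
        *) return 2 ;;
    esac

    auth="$dir/authorized_keys"
    # Steps 3 and 4: directory exists and is accessible only to the owner.
    mkdir -p "$dir" && chmod 700 "$dir" || return 1
    # Create the file with owner-only permissions if it does not exist yet.
    ( umask 077; touch "$auth" ) || return 1

    # If the existing file lacks a trailing newline, a plain ">>" would glue
    # the new key onto the previous entry and corrupt both.
    if [ -s "$auth" ] && [ -n "$(tail -c 1 "$auth")" ]; then
        echo >> "$auth"
    fi

    # Step 7, but only when this exact key line is not already present.
    grep -qxF -- "$key" "$auth" || printf '%s\n' "$key" >> "$auth"
    chmod 600 "$auth"
}
```

Running it a second time with the same key leaves authorized_keys unchanged, so it is safe to re-run when repeating the procedure across machines.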