This article will go over the step by step instructions for generating RSA keys on Linux and then transferring them to a remote system. Afterwards, you’ll be able to SSH to the remote machine without needing to enter a password.
1. Enter the following command to generate RSA keys. This should be done on the system you want to SSH from.
$ ssh-keygen -t rsa
You’ll need to press enter three times after entering the command. The RSA keys will generated and stored in the user’s
~/.ssh directory. You should see some output that looks like this:
Generating public/private rsa key pair. Enter file in which to save the key (/home/linuxnightly/.ssh/id_rsa): Enter passphrase (empty for no passphrase): Enter same passphrase again: Your identification has been saved in /home/linuxnightly/.ssh/id_rsa Your public key has been saved in /home/linuxnightly/.ssh/id_rsa.pub The key fingerprint is: SHA256:Gl6fxclnDlVDidPuOJqTTWUUS3benGM0eBA9NfVGCjQ linuxnightly@webserver The key's randomart image is: +---[RSA 3072]----+ | .EoOX@| | *+&X| | B=B| | o o.=.| | . S * B | | . + . o O . | | o o * o | | = . | | . | +----[SHA256]-----+
2. Next, use the
ssh-copy-id command to copy the public RSA key over to the system (or systems) that you plan to SSH into. You’ll be prompted for a password, but this will be the last time. Substitute your own username and hostname (or IP address) into this example.
$ ssh-copy-id -i ~/.ssh/id_rsa.pub user@hostname
You should see some output similar to that below.
/usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed: "/home/linuxnightly/.ssh/id_rsa.pub" /usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed /usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys email@example.com's password: Number of key(s) added: 1 Now try logging into the machine, with: "ssh 'firstname.lastname@example.org'" and check to make sure that only the key(s) you wanted were added.
That’s all there is to it. You’re now be able to use your usual SSH command to login, but will no longer be prompted for a password.