Introduction
If you want to stop using passwords to SSH onto your servers then certs are the way to go. When you run an application such as putty and pageant side by side then you will never have to use a username and password again. The reason to use Pageant is so as to avoid entering your private key passphrase repeatedly. Once you load the key and enter the passphrase, the agent will run in the background so all is needed is a single load of the key at the start of your day.
How to
On the client you will need to create an ssh public/private keypair either using putty or similar program on Windows:
Please see here for help with Putty configuration
Or if using Linux:
ssh-keygen -t rsa
This will create two files in your (hidden) ~/.ssh directory called: id_rsa and id_rsa.pub The first: id_rsa is your private key and the other: id_rsa.pub is your public key.
The permissions will also need to be set on the private key:
$ chmod 700 ~/.ssh
$ chmod 600 ~/.ssh/id_rsa
Copy the public key (id_rsa.pub) to the server and install it to the authorized_keys list:
$ cat id_rsa.pub >> ~/.ssh/authorized_keys
and finally set file permissions on the server:
$ chmod 700 ~/.ssh
$ chmod 600 ~/.ssh/authorized_keys
The above permissions are required if StrictModes is set to yes in /etc/ssh/sshd_config (the default).
Make sure the lines in the /etc/ssh/sshd_config file are uncommented:
RSAAuthentication yes
PubkeyAuthentication yes
Once you’ve checked you can successfully login to the server using your public/private key pair, you can disable password authentication completely by adding the following setting to your /etc/ssh/sshd_config file:
# Disable password authentication forcing use of keys
PasswordAuthentication no
