Setting up Public Key Authorization Step by Step

I stole this from some other site… but I just wanted the info stored somewhere on my end… anyways read on.

Let's set up a public key authorization system between two machines. We will call the two systems local and remote. We will also assume there are two different users, user1 on local and user2 on remote.
The first step in setting up a public key system is to make sure that each of the two machines you wish to connect between is in the other's known_hosts file. This can be done by sshing from one computer to the other, and then from the second computer to the first. So in our example, you would do the following (assuming you are logged in as user1 on local):

[user1@local]$ ssh user2@remote
(if prompted, confirm addition of remote to known_hosts)
(enter password for user2)

[user2@remote]$ ssh user1@local
(if prompted, confirm addition of local to known_hosts)
(enter password for user1)

[user1@local]$ exit
Connection to local closed.

[user2@remote]$ exit
Connection to remote closed.

[user1@local]$

Now you are back on your local machine and have entered each machine into the other’s known_hosts file. Now you will need to generate keys for the user that will be connecting to the other machine. We are going to go with local sshing to remote, so we will make keys for user1 on local.

[user1@local]$ ssh-keygen -t rsa
Generating public/private rsa key pair.
Enter file in which to save the key (/home/user1/.ssh/id_rsa):
(Press enter to accept default or type a different key name)
Enter passphrase (empty for no passphrase):
(To make things easier, don’t enter a password)
Enter same passphrase again:
(Confirm the password entered before)
Your identification has been saved in /home/user1/.ssh/id_rsa.
Your public key has been saved in /home/user1/.ssh/id_rsa.pub
The key fingerprint is:
(The fingerprint will be shown as 16 2-digit hex values followed by user@remote)

[user1@local]$

Now you need to transfer the key to the remote computer and add it to that computer’s authorized_keys… we’re almost done!

[user1@local]$ scp ~/.ssh/id_rsa.pub user2@remote:user1.pub
(Enter password for user2 when prompted)

[user1@local]$ ssh user2@remote
(Enter password for user2 when prompted)

[user2@remote]$ cat ~/user1.pub >> ~/.ssh/authorized_keys

[user2@remote]$ chmod 0644 ~/.ssh/authorized_keys

[user2@remote]$ exit
Connection to remote closed.

[user1@local]$

A few things to note about that last section. First, user1.pub could be any name, but it's a good idea to keep track of whose key it is. An even better idea might be to name the key user1@local.pub so you know exactly where the key is coming from. Second, the cat is used to append to authorized_keys. Some shells don't support appending to a non-existent file, so you may need to create the file first (use > instead of >>). Of course, if there was no authorized_keys file, you could scp directly to user2@remote:.ssh/authorized_keys, but it is probably best that you create the file on the remote machine so you can see exactly what is happening. Lastly, the 0644 mode values are necessary, although sometimes the shell will set the values for you. If the file already existed, it would likely already have the modes. However, this will not work if the modes are not set right, so it's good to set them again just to make sure.
So what's next? That's it! You should be able to easily scp and ssh from local to remote without any problems. To test it, just run a command like [user1@local]$ scp file user2@remote:file or type [user1@local]$ ssh user2@remote. You shouldn't be prompted to enter a password.
Congratulations! You now have an easy, secure way to transfer files between two machines.
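
The append-and-chmod step on remote, written as a repeatable shell function (an added example, not from the original page). The names install_pubkey and modes_ok are made up for this sketch; it creates authorized_keys if it is missing, appends the key only once, refuses a private key copied by mistake, and checks that nothing is group- or world-writable.

```shell
#!/bin/sh
# install_pubkey and modes_ok are hypothetical helper names for this example.

# Succeeds only if neither SSH_DIR nor its authorized_keys file is
# group- or world-writable, which is when "the modes are set right".
modes_ok() {
    dir=$1
    for p in "$dir" "$dir/authorized_keys"; do
        [ -e "$p" ] || return 1
        loose=$(find "$p" -prune \( -perm -020 -o -perm -002 \) -print)
        [ -z "$loose" ] || return 1
    done
    return 0
}

# Usage: install_pubkey PUBFILE [SSH_DIR]   (SSH_DIR defaults to ~/.ssh)
install_pubkey() {
    pub=$1
    dir=${2:-$HOME/.ssh}
    auth=$dir/authorized_keys

    # Catch the common slip of copying id_rsa instead of id_rsa.pub.
    if grep -q 'PRIVATE KEY' "$pub"; then
        echo "refusing: $pub looks like a private key" >&2
        return 2
    fi

    # Expect exactly one non-empty line: "<type> <base64> [comment]".
    key=$(grep . "$pub") || return 2
    [ "$(printf '%s\n' "$key" | grep -c .)" -eq 1 ] || return 2
    printf '%s\n' "$key" |
        grep -Eq '^(ssh-(rsa|ed25519)|ecdsa-sha2-[a-z0-9-]+) [A-Za-z0-9+/]+=*( |$)' ||
        { echo "not a public key line: $pub" >&2; return 2; }

    mkdir -p "$dir" && chmod 0700 "$dir" || return 1
    [ -e "$auth" ] || : > "$auth" || return 1    # create the file before appending

    # Append only if this exact line is not already in the file.
    grep -qxF -- "$key" "$auth" || printf '%s\n' "$key" >> "$auth" || return 1

    chmod 0644 "$auth" || return 1   # mode from the walkthrough; 0600 also works
    modes_ok "$dir"
}
```

On remote, after the scp step, this would be called as install_pubkey ~/user1.pub in place of the cat and chmod commands.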