Configuring SSH Secure Shell for Workstations for Password-less (Public-Key) Authentication

1. Problem
   

   How can I configure SSH to authenticate to a server using a public/private key pair with no password?

2. Solution
   

   NOTE: This procedure differs slightly depending on whether the server is running OpenSSH or SSH Secure Shell Server. To determine which version the server in question is running, connect to it and type ssh -V.
   

   SSH Secure Shell 2.x.x --> Use Procedure A.
   OpenSSH_3.x --> Use Procedure B.

   NOTE #2: Configuring SSH to authenticate via public keys without a passphrase can be very dangerous! If someone were to get a hold of a person's private key they could authenticate to the SSH server as that person without having to enter a password. Please keep private keys safe!
   
   Procedure A: SSH Secure Shell Server
   
   
   1. Install SSH Secure Shell for Windows.
   2. Once installed, load the GUI version and connect to the SSH server to be configured with password-less authentication.
   3. Once connected, go to Edit, Settings, and then to Global Settings, User Authentication, Keys.
   4. Under Key Pair Management, click Generate New, and then Next. The default settings are fine, but can be changed if they are not felt to be secure enough. SSH will then generate a key for. This can take several minutes.
   5. When it finishes, click Next. Give the key a file name, but do not enter a passphrase. Click OK to the warning that comes up and then click Upload Key. Click Upload in the dialog box that pops up. Click Finish.
   6. Back in the Settings window, next to the Public-Key authentication for the ssh2.exe command line client, click Configure. Click OK twice, and then once more to get out of the settings window.
   7. Go to File, Save Settings, and then exit SSH.
   
   Procedure B: OpenSSH
   
   
   1. Install SSH Secure Shell for Windows.
   2. Once installed, load the GUI version and connect to the SSH server to be configured with password-less authentication.
   3. Once connected, go to Edit, Settings, and then to Global Settings, User Authentication, Keys.
   4. Under Key Pair Management, click Generate New, and then Next. The default settings are fine, but can be changed if they are not felt to be secure enough. SSH will then generate a key for. This can take several minutes.
   5. When it finishes, click Next. Give the key a file name, but do not enter a passphrase. Click OK to the warning that comes up and then click Upload Key. In the dialog box that pops up, Change the Destination Folder to .ssh and click Upload. Click Finish.
   6. Back in the Settings window, next to the Public-Key authentication for the ssh2.exe command line client, click Configure. Click OK twice, and then once more to get out of the settings window.
   7. In the SSH terminal window, type the following commands:
      

      chmod og-wrx ~/.ssh
      ssh-keygen -i -f ~/.ssh/yourkey.pub >> ~/.ssh/authorized_keys2
      chmod og-wrx ~/.ssh/*

      Where 'yourkey' is the name given to the key generated previously.
   8. Go to File, Save Settings, and then exit SSH.
   
   You should now be able to connect to the site you configured without having to enter a password, both from the GUI client and the command line one. To connect from the command line, open a command prompt and type ssh2 username@servername, replacing the username and servername with your own.

3. Other Useful Information

   Installing SSH to connect to remote computers
   Using SCP on SSH Secure Shell for Workstations

Questions not covered in this FAQ? Make sure to send them in!

Last Updated: 2008.06.12 (Thursday) by Jason Hicks