Howto Linux / UNIX setup SSH with DSA public key authentication (password less login)

by nixCraft on May 22, 2007 · LAST UPDATED May 22, 2007

Q. How do you set up SSH with DSA public key authentication? I have a Linux laptop called tom and a remote Linux server called jerry. How do I set up DSA based authentication so I don't have to type a password?

A. DSA public key authentication can only be established on a per system / user basis, i.e. it is not system wide. You will be setting up ssh with DSA public key authentication for SSH version 2 on two machines:

#1 machine : your laptop called tom
#2 machine : your remote server called jerry

Command to type on your laptop/desktop (local computer)

First log in to the local computer called tom and type the following command.

Step #1: Generate DSA Key Pair

Use the ssh-keygen command as follows:

    $ ssh-keygen -t dsa

Output:

    Enter file in which to save the key (/home/vivek/.ssh/id_dsa): Press [Enter] key
    Enter passphrase (empty for no passphrase): myPassword
    Enter same passphrase again: myPassword
    Your identification has been saved in /home/vivek/.ssh/id_dsa.
    Your public key has been saved in /home/vivek/.ssh/id_dsa.pub.
    The key fingerprint is:
    04:be:15:ca:1d:0a:1e:e2:a7:e5:de:98:4f:b1:a6:01 vivek@vivek-desktop

Caution:
a) Please enter a passphrase different from your account password and confirm the same.
b) The public key is written to /home/you/.ssh/id_dsa.pub.
c) The private key is written to /home/you/.ssh/id_dsa.
d) It is important that you never give out your private key.

Step #2: Set directory permission

Next make sure you have the correct permissions on the .ssh directory:

    $ cd
    $ chmod 755 .ssh

Step #3: Copy public key

Now copy the file ~/.ssh/id_dsa.pub on Machine #1 (tom) to the remote server jerry as ~/.ssh/authorized_keys:

    $ scp ~/.ssh/id_dsa.pub user@jerry:.ssh/authorized_keys

Command to type on your remote server called jerry

Log in to your remote server and make sure the permissions are set correctly:

    $ chmod 600 ~/.ssh/authorized_keys

Task: How do I login from client to server with DSA key?

Use scp or ssh as follows from your local computer:

    $ ssh user@jerry
    $ ssh user@remote-server.com
    $ scp file user@jerry:/tmp

You will still be asked for the passphrase for the DSA key file each time you connect to the remote server called jerry, unless you did not enter a passphrase when generating the DSA key pair.

Task: How do I login from client to server with DSA key but without typing a passphrase i.e. password-less login?

Type the following commands at the shell prompt:

    $ exec /usr/bin/ssh-agent $SHELL
    $ ssh-add

Output:

    Enter passphrase for /home/vivek/.ssh/id_dsa: myPassword
    Identity added: /home/vivek/.ssh/id_dsa (/home/vivek/.ssh/id_dsa)

Type your passphrase once. Now, you should not be prompted for a password whenever you use the ssh, scp, or sftp command.

If you are using a GUI such as GNOME, use the command:

    $ ssh-askpass

OR

    $ /usr/lib/openssh/gnome-ssh-askpass

To save your passphrase during your GNOME session under Debian / Ubuntu, do as follows:
a) Click on System
b) Select Preferences
c) Select Session
d) Click on New
e) Enter "OpenSSH Password Management" in the Name text area
f) Enter /usr/lib/openssh/gnome-ssh-askpass in the command text area.
g) Click on close to save the changes
h) Log out and then log back into GNOME.

After GNOME is started, a dialog box will appear prompting you for your passphrase. Enter the passphrase requested.
From this point on, you should not be prompted for a password by ssh, scp, or sftp.
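
The permission and key-copy steps above (Step #2 and Step #3), as an added shell example that is not part of the original article: the scp command in Step #3 replaces any existing authorized_keys file on jerry, so this version appends the key instead and skips duplicates. The function names install_pubkey and perm_ok are hypothetical, and the 700 directory mode is this example's choice, stricter than the article's 755.

```sh
#!/bin/sh
# Added example, not from the original article.
# Run on the server (jerry) after copying id_dsa.pub there under another name.

# install_pubkey PUBKEY_FILE SSH_DIR  (hypothetical helper)
# Appends the key to SSH_DIR/authorized_keys unless it is already present.
install_pubkey() {
    pub=$1
    dir=$2
    auth="$dir/authorized_keys"

    [ -r "$pub" ] || { echo "cannot read $pub" >&2; return 1; }
    # Refuse a private key passed by mistake (id_dsa instead of id_dsa.pub).
    if grep -q 'PRIVATE KEY' "$pub"; then
        echo "$pub looks like a private key, refusing" >&2
        return 1
    fi

    # Assumption: 700/600, stricter than the article's 755 on .ssh.
    mkdir -p "$dir" && chmod 700 "$dir" || return 1
    touch "$auth" && chmod 600 "$auth" || return 1

    # -x whole line, -F fixed string: do not add a key that is already there.
    key=$(head -n 1 "$pub")
    if ! grep -qxF -- "$key" "$auth"; then
        # Start a new line first if the existing file lacks a final newline.
        [ -n "$(tail -c 1 "$auth")" ] && echo >> "$auth"
        printf '%s\n' "$key" >> "$auth"
    fi
}

# perm_ok PATH  (hypothetical helper)
# Succeeds when PATH exists and is not writable by group or others.
perm_ok() {
    [ "$(ls -ld "$1" 2>/dev/null | cut -c6,9)" = "--" ]
}

# Usage: sh install_key.sh /tmp/id_dsa.pub "$HOME/.ssh"
if [ "$#" -eq 2 ]; then
    install_pubkey "$1" "$2"
fi
```

The perm_ok check reflects what sshd's StrictModes option looks for: a home directory, .ssh directory or authorized_keys file writable by group or others causes the key to be ignored.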