SSH:TDG
SSH: The Secure Shell (The Definitive Guide)
Barrett, Silverman, & Byrnes / O’Reilly

SSH Frequently Asked Questions

How do I get publickey user authentication to work?


The first thing to understand is that there is no one answer to this question. The SSH protocol only specifies the syntax and semantics of messages passed on the network ("over the wire") between an SSH client and server. It says nothing at all about host-dependent issues, such as how public keys may be encoded in files, or how to indicate that the holder of a particular public key is authorized to log into a particular account. As a result, these issues vary from one implementation to another — and may get especially interesting when connecting from one implementation to another.

First, let's understand how publickey user authentication works in general. In the SSH protocol, a client may make two different requests with regard to publickey authentication. The first is a probe request: it simply asks whether a given public key is authorized to access a given account. The second is an actual authentication attempt: it includes a digital signature generated by the client, which should convince the server that the client possesses the private component of the given public key. The first form exists because generating a digital signature is a computationally expensive operation, so if a client has several different keys available, it is better to test them first and only attempt authentication for those keys which are authorized for login on the server.

From this description, we can see that the client needs the private key, while the server needs the corresponding public key. While the public and private keys are usually written to a pair of files when generating a key, these files need not always be copied as a pair together, and in fact often should not be. For instance, there is no need to have a copy of your private key on a remote host, and you may not want it exposed there if that host is less trusted than the local one.

Another point about key pairs: from following "recipes" for setting up publickey authentication, people sometimes get the idea that they must repeat this entire process for every client/host pair — that is, that you need a separate key pair for each remote host. While you can do that, it's not necessary; a single key may be authorized to log into many different hosts.

OpenSSH client and server

Let's take the most common case: the client and server SSH software are both OpenSSH. To generate a key pair on the client:

$ ssh-keygen -t rsa
Generating public/private rsa key pair.
Enter file in which to save the key (/Users/res/.ssh/id_rsa): 
Enter passphrase (empty for no passphrase): 
Enter same passphrase again: 
Your identification has been saved in /Users/res/.ssh/id_rsa.
Your public key has been saved in /Users/res/.ssh/id_rsa.pub.
The key fingerprint is:
f7:4c:80:85:29:2b:ad:34:30:dd:6b:85:de:3c:e7:72 

This generates a new RSA private key and places it in the default location, ~/.ssh/id_rsa. ssh-keygen saves the corresponding public key in ~/.ssh/id_rsa.pub; you can recover this at any time from the private key with ssh-keygen -y -f private-key-file. OpenSSH tries keys in this and the other default location (~/.ssh/id_dsa) automatically during client authentication. You can change this using the IdentityFile option in ~/.ssh/config.

SSH protects your private key by encrypting it with the passphrase you supply; you will need to supply the passphrase whenever the key needs to be loaded from that file. You may be tempted to leave it blank to make things easier; don't do it. There is a tool that gives the same convenience without completely compromising your key: ssh-agent. See this discussion for more details.

Now that you have a key, you need to authorize it to log into your account on the remote host, let's say account pat on the host remote. When asked to log into the account pat, the OpenSSH server (sshd) on remote looks in a particular file for a list of public keys authorized for the account: ~pat/.ssh/authorized_keys. So, in order to authorize your new key, you can copy id_rsa.pub to remote (e.g. using scp), and append its contents to the authorized_keys file. Note that each public key is represented on a single line, usually quite long, like this:

ssh-rsa AAAAB3NzaC1yc2EAA ... [a few hundred more characters here] ... qPPBXvbMy3w== [a comment here]

If you use a text editor, take care that it doesn't break the lines in this file. Once you have added the key to authorized_keys, there is no need to keep the id_rsa.pub file around. Also note that there is never a need to copy the private key file (id_rsa) to the server just for authentication to work; in fact, you would not generally want to. If you need further authentication from that host, consider using ssh-agent together with agent forwarding to get this effect.

File and Directory Permissions

Here's an issue that frequently trips people up: by default, sshd has requirements for the permissions on the authorized_keys file, as well as its containing directory ~/.ssh, and the home directory. Specifically, none of these may be writable by any uid except the owner or root. That means the most permissive modes you can have here are:

$ chmod 755 ~
$ chmod 755 ~/.ssh
$ chmod 644 ~/.ssh/authorized_keys

The reason for caring about the directory permissions, is that it doesn't do much good to protect the authorized_keys file, if someone else can simply delete it and create a new one (by modifying the containing directories).

Try it!

Once everything is in place, try ssh pat@remote and see what happens. You can omit the "pat@" part if the local and remote account names are both the same. OpenSSH should prompt for your key passphrase, then log you into the remote host. If you have trouble, see our debugging hints. The ssh -v output from a successful authentication will look like:
...
debug1: Authentications that can continue: publickey,password,keyboard-interactive
debug1: Next authentication method: publickey
debug1: Offering public key: /Users/res/.ssh/res-rsa
debug1: Server accepts key: pkalg ssh-rsa blen 151
debug1: PEM_read_PrivateKey failed
debug1: read PEM private key done: type 
Enter passphrase for key '/Users/res/.ssh/res-rsa': 
debug1: read PEM private key done: type RSA
debug1: Authentication succeeded (publickey).
...

Server Host Keys

One source of occasional confusion, is that two different kinds of authentication take place with each SSH connection: server, and client. Here we are dealing with client (or user) authentication, but the client also authenticates the server first, and this usually also entails some keys called the server's hostkeys. In client authentication we have seen that the private key is on the client and the public key on the server. With server authentication, then, the roles are reversed: the server's private hostkeys are on the server (usually in /etc/ssh/), and the user needs copies of the public hostkeys in order to authenticate the server; these are kept in ~/.ssh/known_hosts. Be careful to distinguish between these: the hostkeys and known_hosts file have nothing to do with publickey client authentication..

Tectia SSH (ssh.com)

SSH Communications Security (ssh.com) sells a suite of SSH software called Tectia. The concepts here are the same; only the details differ, such as file names and formats. Tectia also keeps key pairs in foo/foo.pub files, in the directory ~/.ssh2, and you can create them with the Tectia version of ssh-keygen. On the server, there is a file ~/.ssh2/authorization, which contains lines referring to authorized public keys in separate files, rather than the keys themselves. E.g.:

remote$ cat ~/.ssh2/foo.pub

---- BEGIN SSH2 PUBLIC KEY ----
Subject: pat
Comment: "1024-bit dsa, pat@remote.net, Thu Oct 04 2001 01:39:04 -0400"
AAAAB3NzaC1kc3MAAACBAMXXH+SzAIPRN38GehSARboF873Ic5utBjMcXx1IuFNTvvBi2j
fCyjCBqb66sgS8pdzUl+YyH4sMDp67Q9RKI9po3ePtV03rldPQjtqgmXt2B2eQ6SKXDO3g
+nN9LLEVXp9MpS7g9VnyDWUQCAxu+Khp+uZDzwSy7IVxRm/HHU2dAAAAFQCl1FWQ7bTyoY
7RtEvB6rhqGyY/8QAAAIEAxYgBAFfVKvSC3AZkwWuB4hPLlBeKhL4Yt87vblimHWlaOSFU
llKnCGmdc7R2NL3JZFP210yjapZY25YTKpkO8pdavazVqbzBd1EEtZ93umDqWua2yqPOc8
6MoZJbk7OTJjZRlpd1XZwSI3XgyxaDtf+tCh14ikG13k4A1iKd3/MAAACBALHyHX29XFe3
VseZeG+CiYMfc3qXbMQgpWdZeopg/1Z3qw46Kx4iiNgtZcB7BdoYdIhDvTu+xkffbG22h9
YQnxyM9Kz/cqjKdKHp2VBX/IJU4vEkIPF+kdFPToLvJc+qkIvd1kDqUUW+e6dD6PkpNDdh
gOn/vcgro4IwufBActyG
---- END SSH2 PUBLIC KEY ----

remote$ cat ~/.ssh2/authorization

key foo.pub

Tectia has the same default requirements on server file permissions as those mentioned above for OpenSSH.

Mixing Implementations

Since the file formats used by OpenSSH and Tectia (and other SSH software) may differ, you usually have to convert key files from one format to another when connecting between implementations. For example: