Setting up SSH key authentication

I feel like this is something I should have figured out a long time ago; however, I finally got it working. I figured I would document it here, if for no other reason than to have these instructions for myself.

SSH is a very secure method for connecting to a remote machine. It essentially establishes a text-based connection between two machines and transfers commands and responses back and forth. Anything that can be done with a command-line (read, anything on the computer) can be done via SSH. It is also the underlying protocol used by Secure Copy Protocol (SCP) and SSH File Transfer Protocol (SFTP). 

SSH uses public key cryptography to encrypt sessions. For example, on my local machine I generate a cryptographic key pair. I then transfer one of those keys (called the public key though there is nothing special about it other than I chose it to be shared) and keep the other key on my machine (called the private key). This is then used to encrypt a session key that will be used to encrypt the traffic for the rest of the session. (I may be glossing over a number of details, but they are not pertinent here.)

To verify that my local machine is authorized to connect to the remote machine I usually have to identify the user and provide a password. For example:

ssh jonathan@192.168.4.32

will connect me to the machine at 192.168.4.32 using the username of jonathan. The response will come back asking for a password, and if I provide it correctly I can be logged in.

Passwords can be problematic. They are usually shorter than a cryptographic key, meaning they are easier for a hacker to guess. Using the public key generated by the SSH service is a much more secure solution.

OK, explanation out of the way. 

I will be setting this up using a Windows-based local machine, using PowerShell to run the SSH client, connecting to a Debian-based Linux server.

On my local machine there is a folder called .ssh in the user's home directory, C:/Users/<Username>/.ssh on most systems. In that folder there should be a file called config with no extension. Open this file in a text editor or create one if it doesn't exist.

Add the following text to the file.

Host rpi
    HostName 192.168.4.32
    User pi

Replace the Host field with the name you want to use in SSH for this machine, the HostName field with the IP address or hostname of the machine you are trying to connect to, and the User field with the username you log in as. Save this in the .ssh directory.

Now all you have to do is type:

ssh rpi

to start an SSH session with the remote machine.

On your Windows machine in PowerShell enter:

type ~\.ssh\id_rsa.pub

This will display the public SSH key for your machine. If you get an error that the file does not exist, then enter:

ssh-keygen

to generate a key. Enter the previous command to verify that it was generated. 

Now enter:

cat ~/.ssh/id_rsa.pub | ssh rpi "mkdir -p ~/.ssh && touch ~/.ssh/authorized_keys && chmod -R go= ~/.ssh && cat >> ~/.ssh/authorized_keys"

to transfer the key to the remote machine. Replace rpi with the name you entered in the Host field above. 

Now, you should be able to log in remotely to your machine by simply typing a single line, such as:

ssh rpi
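
The transfer one-liner above appends the key every time it is run, so repeating it leaves duplicate entries in authorized_keys, and it accepts whatever is piped into it. As an added example (not part of the original post), the server-side half can be written as a shell function that validates the line, sets owner-only permissions, and appends only when the key is missing; install_pubkey and its optional directory argument are hypothetical names.

```shell
# Added example, not from the original post. install_pubkey is a hypothetical
# helper name. It runs on the server and reads one public key line on stdin.
install_pubkey() {
    ssh_dir=${1:-"$HOME/.ssh"}          # optional argument: target directory
    auth="$ssh_dir/authorized_keys"

    # Take the first line only and drop CRs from Windows line endings.
    line=$(tr -d '\r' | head -n 1)
    ktype=${line%% *}                   # first field: key type
    rest=${line#* }
    blob=${rest%% *}                    # second field: base64 key blob

    # Refuse anything that is not a public key line, such as a private key
    # file piped by mistake (those begin with "-----BEGIN").
    case "$ktype" in
        ssh-rsa|ssh-ed25519|ecdsa-sha2-nistp256|ecdsa-sha2-nistp384|ecdsa-sha2-nistp521) ;;
        *) echo "not an SSH public key line" >&2; return 1 ;;
    esac
    # The blob starts with a 4-byte length field, so its base64 starts "AAAA".
    case "$blob" in
        AAAA*) ;;
        *) echo "malformed key blob" >&2; return 1 ;;
    esac

    # Owner-only permissions on the directory and the file.
    mkdir -p "$ssh_dir" && chmod 700 "$ssh_dir" || return 1
    touch "$auth" && chmod 600 "$auth" || return 1

    # Match on type and blob so a different comment is not treated as a new key.
    if awk -v t="$ktype" -v b="$blob" '
        { for (i = 1; i < NF; i++) if ($i == t && $(i + 1) == b) found = 1 }
        END { exit !found }' "$auth"
    then
        echo "key already present"
    else
        printf '%s\n' "$line" >> "$auth"
        echo "key added"
    fi
}
```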

