74

I am trying to make a more streamlined means to establish an SSH client connection to a remote server. I have created a public/private keypair and used ssh-copy-id to install the public key onto the remote server.

However, it still was asking for the password unless I put in the path for the identity file with something like ssh -i ~/.ssh/mykey user@host. Should I have to type this to bypass the password with public key authentication?

To bypass this I used .bashrc and created an alias using this path. However, is this the way to do this? Or is it just a question of the server allowing the public key so I can just use the usual ssh user@host?

1 Answer

110

If you are able to successfully use keypair authentication with ssh -i ~/.ssh/mykey user@host, you can easily automate this with your SSH client configuration.

For example, if you add this to your ~/.ssh/config file:

Host hostname
  User username
  IdentityFile ~/.ssh/mykey
  # see comment in answer below
  IdentitiesOnly yes

You can then simply ssh hostname, and your username and identity file settings will be handled by your config file and you're off to the races, as they say.

The IdentityFile directive (which the -i switch for ssh overrides) has a default setting which will look for ~/.ssh/id_dsa, ~/.ssh/id_ecdsa, ~/.ssh/id_ed25519, and ~/.ssh/id_rsa; any other filenames for private keys must be specified in the config file or with -i on the command line.

If you add IdentityFile to your ssh config, you'll find that the client still sends the default key (see ssh -vv output). This can be problematic when using sites like GitHub with multiple accounts. You'll need to include IdentitiesOnly yes if you want ssh to use only the key you've specified.

8
  • 1
    I created '~/.ssh/config' like this: Host <server name> Hostname <ip address> User <username> IdentityFile ~/.ssh/<Identity File> But when I 'ssh <server name>' I receive "Bad owner or permissions on /home/benny/.ssh/config"
    – Troy
    Commented Jan 14, 2019 at 22:01
  • 1
    Private keys are held by the user logging in; public keys are held by the account being logged into. So long as the user's private key matches one of the authorized_keys in the remote account, you should be fine. In other words, for user's key to work for both remoteuser and root, both of the latter two must have user's public key in their own authorized_keys file.
    – DopeGhoti
    Commented Mar 15, 2019 at 15:39
  • 3
    @Troy I think this is too late but config permissions should be strict according to the manual. 600 is just fine (chmod 600 ~/.ssh/config)
    – sçuçu
    Commented Oct 3, 2021 at 20:38
  • 5
    The IdentitiesOnly directive saved my day. I was getting a "too many login attempts" error because the ssh client was sending other keys that I have before the correct one.
    Commented Nov 25, 2021 at 21:36
  • 1
    Interesting part about SSH sending other keys. Mine does not do this, it sends directly the key I've specified. In the -vv log, it says: debug1: Will attempt key: my-key.pem explicit . OpenSSH_9.0p1 on MacOS
    Commented Aug 7, 2023 at 7:44
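
An added example (not part of the original answer or comments): a shell function that checks a client config for the two problems raised in this thread, a Host block that sets IdentityFile without IdentitiesOnly yes, and a config file with group/other permission bits set. The function name audit_ssh_config, the host otherhost and the key otherkey are hypothetical, and the sample config is constructed.

```shell
#!/bin/sh
# audit_ssh_config FILE: print one finding per line; no output means no findings.
# Blocks are checked one at a time; settings are not merged across blocks as ssh does.
audit_ssh_config() {
    cfg=$1
    # ls shows e.g. "-rw-------"; characters 5-10 are the group and other bits.
    perms=$(ls -ld -- "$cfg" | cut -c5-10)
    [ "$perms" = "------" ] || echo "perms: $cfg has group/other bits set (chmod 600)"
    awk '
        function report() {
            if (has_key && !only)
                print "host " host ": IdentityFile set without IdentitiesOnly yes"
        }
        BEGIN { host = "(global)" }
        {
            sub(/^[ \t]+/, "")                 # strip indentation
            if ($0 == "" || $0 ~ /^#/) next    # skip blank and comment lines
            line = $0
            sub(/[ \t]*=[ \t]*/, " ", line)    # accept the Keyword=value form
            split(line, f, /[ \t]+/)
            key = tolower(f[1])                # keywords are case-insensitive
            if (key == "host" || key == "match") {
                report()                       # close the previous block
                host = line; sub(/^[^ \t]+[ \t]+/, "", host)
                has_key = 0; only = 0
            } else if (key == "identityfile") {
                has_key = 1
            } else if (key == "identitiesonly" && tolower(f[2]) == "yes") {
                only = 1
            }
        }
        END { report() }
    ' "$cfg"
}

# Constructed sample: the first block follows the answer, the second omits IdentitiesOnly.
demo_dir=$(mktemp -d)
cat > "$demo_dir/config" <<'EOF'
Host hostname
  User username
  IdentityFile ~/.ssh/mykey
  IdentitiesOnly yes

Host otherhost
  IdentityFile ~/.ssh/otherkey
EOF
chmod 644 "$demo_dir/config"
audit_ssh_config "$demo_dir/config"
rm -rf "$demo_dir"
```

The demo run reports the permission finding and the otherhost block; the hostname block from the answer passes.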
