Passwordless SSH/SFTP for dummies

To get SSH or SFTP access to a server without using a password you need to have a SSH key pair for each computer you want to be able to access the server from. In this document I’ll describe the steps you need to take to generate a key pair if you don’t have one already. If you do, you can use your public key(s) to get access to the server.

I'll also explain how to connect to your server using Cyberduck. Click here to skip to that part.

Disclaimer and stuff

This guide is written with newbies in mind, so I'm very thorough in describing the steps that you must take. This guide will not cover setting up the server side of this system. It assumes that there's a server running with SSH enabled. Be very careful while following this guide. You could screw things up quite badly if you do something wrong. I am not responsible for any damages to your system.

Generating your SSH key pair

Generating your SSH key pair is different for *nix and Windows computers. If you're on a *nix computer follow these steps and if you're on a Windows computer follow these steps.

*nix (Unix / Linux / Apple OS X / etc.)

To generate a key pair on *nix systems you need to open up your Terminal application (command line). Within Terminal you can enter commands and execute them by pressing the enter key. In OS X you can find Terminal under Applications -> Utilities -> Terminal.

Step 1: Check for existing SSH keys

The first step is to check if you already have SSH keys on your computer. If so, you can use those for authentication and you shouldn’t overwrite them with new ones. If you do overwrite the existing SSH keys, you may not be able to access previously used servers anymore!

Enter the following command:

cat ~/.ssh/id_rsa.pub

If the computer returns something like below you don’t have any existing SSH keys and can continue with step 2:

cat: /home/user/.ssh/id_rsa.pub: No such file or directory

If the computer returns something like below you do have existing SSH keys and can skip to step 3:

ssh-rsa AAAA[...shortened for brevity...]Sw== [email protected]

Step 2: Generate a new SSH key pair

You can use the ssh-keygen command to generate a new SSH key pair as follows:

ssh-keygen -t rsa -b 4096

This command will take a while to run, since it's using 4096 bits in the key (as specified by the -b 4096 option). After a short while the computer will output the following:

Generating public/private rsa key pair.
Enter file in which to save the key (/home/user/.ssh/id_rsa):

Experienced users can enter an absolute path to the file they'd like to use as their private key, but we're going to press enter to choose the suggested file.

Now the computer will ask for a passphrase (a.k.a. password) for the key file. Enter a personal and strong password you can remember, preferably not your computer password. When you're typing nothing will change on the screen, but that's normal. When you're done typing you can press the enter key and it'll ask you to enter the same password again, do so and press enter again:

Enter passphrase (empty for no passphrase):
Enter same passphrase again:

If you made a mistake here you'll have to enter the password twice again.

The computer will now protect your key with your password and afterwards it'll show something like this (probably without the bunny though):

Your identification has been saved in /home/user/.ssh/id_rsa.
Your public key has been saved in /home/user/.ssh/id_rsa.pub.
The key fingerprint is:
b0:2c:08:6a:51:07:e2:e3:db:01:0f:bc:a2:3b:60:21 [email protected]
The key's randomart image is:
+--[ RSA 4096]----+
|      (\_/)      |
|     =(^.^)=     |
|     (")_(")     |
+-----------------+

Step 3: Copy your SSH key

To be able to authencticate you, the server needs to have your public key. Your sysadmin (the guy/gal who has control over the server) needs to have that key. This is quite easily done with the cat command:

cat ~/.ssh/id_rsa.pub

Your computer will output your public SSH key and it'll look something like this:

ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDaJrX8sKIB0Ew02ZipS1pqa3osxtPSjrBD9Q7JrBHJ2IBf4IJOGTTJlFYzbGDOMNclmDwFHKPOzPUiO32UyxHmzJpTb1OJTMMKkX1uXrDwFQ/GForY+8141mB0EoSZhLLTbKiF777cU85LPK6EoK7kUyDafWsX62ou4V/ZBsK2JTEuXKyjVI07Zt8jMLwYCRW7f/FKb6f9tkUOKREp1NWxEhbwt3Ij4+euE0+OglI0afiBP/UAoCnJuj6eO04XcsMEyd5HyxCh88hCGB1wvudsp9kLGEHM40ss69zqk8w6IaD/47O6/vpAiOmtW6A5encDSC5xEnKRAJYf09ssktifbru4crBIzZW6R3Tp7zvM81WEtLAdG+ZFdqdY4OEhkuuIGKHiZJ48oh1YdzkNUiCvzerAescc7WqGXstnYSh3R2c9S2y2gPqzbLjxRHYZGn6GNNPnF3uOPjubk25pLHLgbuJtNLdbuLvTFsr4pbtFWdUX4Mglwh6nYl8mABaCFHOMQW05xvuy/RWdhsoxrP1JdcB/uGkJggaUHdpEB0Zv7CdCCAzvQuNMr2L8nnoAP/iS8fAuKOHo15UJhx8NoeWtArHlDF/acucns/n3DCQqO56iv6mOOa9XnW/PEKYD80Kws5NeXJUOUZRBH58mM4dEzLE3WLWW7IHBYHN2ooIWSw== [email protected]

Use your mouse to select this bunch of characters from ssh-rsa to [email protected] (yours will probably say something different). Now copy by using CTRL+C (or CMD+C if you're on a Mac) or by right clicking and choosing Copy.

Now you have the public key copied you can move on to Sending your public key to your sysadmin.

Windows

To generate an SSH key pair on Windows you need to have the PuTTYgen program. You can download that program here (download the puttygen.exe file).

Step 1: Create a folder for your SSH key pair

The first step is to create a folder on your computer for the SSH key pair. The best location is probably your My Documents folder. Use Windows Explorer (the program you use to find your files) to go to your documents folder. Now click on File on the top of the window and select New and then Folder. Name this folder ssh.

Step 2: Generate your SSH key pair with PuTTYgen

Follow these steps to generate an SSH key pair with PuTTYgen:

Open PuTTYgen by double clicking on the puttygen.exe file;
At the bottom of the window you'll see a Parameters section, do the following:
- For Type of key to generate select SSH-2 RSA;
- At Number of bits in a generated key enter 4096;
Click the Generate button;
Move your mouse pointer over the area below the progress bar and keep moving it around untill the progress bar is full. PuTTYgen will now generate a new SSH key;
Type a personal and strong password in the Key passphrase field and type the same password in the Confirm passphrase field;
Click the Save public key button and save the key in the folder you created at step 1 with the following file name: id_rsa.pub;
Click the Save private key button and save the key in the same folder as the public key, but name this one id_rsa.ppk;
Right click on the Public key for pasting into OpenSSH authorized_keys file text field and choose Select All;
Right click on the same field again and choose Copy.

Now you have the public key copied you can move on to Sending your public key to your sysadmin.

Step 3: Copy your SSH key (if you haven't already)

If you haven't copied your public SSH key in step 2, you have to open the file with Notepad and copy the contents from there:

Start by opening Notepad: Click Start, Programs, Accessories and Notepad;
Now in Notepad click on File and Open. Open the id_rsa.pub file in your ssh folder;
Select all text by right clicking and choosing Select All;
Right click again and choose Copy.

Now you can go to the last step: Sending your public key to your sysadmin.

Sending your public key to your sysadmin

With your public SSH key copied you can paste this into an email to your sysadmin and he or she will be able to do the rest. If you haven't copied your public SSH key yet you can find out how for *nix (Unix / Linux / Apple OS X / etc.) here and for Windows here.

If your sysadmin doesn't know what to do with the public key, or you're the sysadmin and you don't know what to do with the public key (I won't tell, I promise), this is what he / she / you need to do: append the public key to the /home/user/.ssh/authorized_keys file without newlines or spaces (apart from the spaces after ssh-rsa and before [email protected]). If the user doesn't exist on the server yet, you'll first need to add him / her / yourself.

Using Cyberduck to access your server

Cyberduck is a free (S)FTP program for Mac and Windows (sorry Linux users!). The main advantage of Cyberduck is that it allows you to select which SSH key you'd like to use to connect to a server. You can follow the steps below to find out how to connect to a SFTP server using Cyberduck.

Download, install and start up Cyberduck

Download Cyberduck here and install it on your computer. After the installation is done open the program.

Setup the connection

To setup the connection to your SFTP server follow the steps below:

Click Open Connection: ![Open connection image] (http://blog.wioo.nl/content/images/2016/02/cd-1.png)
In the window that opens choose SFTP (SSH File Transfer Protocol) at the top; ![Select SFTP] (http://blog.wioo.nl/content/images/2016/02/cd-2.png)
Fill in the following information:
- In the Server field enter the server address (IP address or hostname);
- In the Port field enter the server SSH port if it's not 22;
- In the Username field enter your username for that server;
- Leave the password field empty; ![Fill in the information] (http://blog.wioo.nl/content/images/2016/02/cd-3.png)
Click on More Options to open up that part of the window; ![Open more options] (http://blog.wioo.nl/content/images/2016/02/cd-4.png)
Check the Use Public Key Authentication checkbox; ![Check the checkbox] (http://blog.wioo.nl/content/images/2016/02/cd-5.png)
Select your private key file (id_rsa in *nix and id_rsa.ppk in Windows); ![Select your private key file] (http://blog.wioo.nl/content/images/2016/02/cd-6.png)
Click the Connect button; ![Click connect] (http://blog.wioo.nl/content/images/2016/02/cd-7.png)
You might get a dialog to verify the host, click the Allow button;
You're now asked to fill in your Private Key Passphrase, fill in the password you've chosen for your SSH key and click the Login button. ![Enter your password] (http://blog.wioo.nl/content/images/2016/02/cd-8.png)

If everything went well you can now browse the files on your server!

willemo/passwordless-ssh.md