SSH Public key based authentication


Create the cryptographic Key on FreeBSD / Linux / UNIX workstation, enter:

ssh-keygen -t rsa
Assign the pass phrase (press [enter] key twice if you don’t want a passphrase). It will create 2 files in ~/.ssh directory as follows:
  • ~/.ssh/id_rsa : identification (private) key
  • ~/.ssh/ : public key
Use scp to copy the (public key) to server as authorized_keys2 file, this is know as Installing the public key to server.
scp .ssh/
From FreeBSD workstation login to server:
Changing the pass-phrase on workstation (if needed):
ssh-keygen -p
Use of ssh-agent to avoid continues pass-phrase typing
At freebsd workstation type:
ssh-agent $BASH
Type your pass-phrase
Now ssh server will not use prompt for the password. Above two commands can be added to your ~/.bash_profile file so that as soon as you login into workstation you can set the agent.

Deleting the keys hold by ssh-agent

To list keys, enter:
ssh-add -l
To delete all keys, enter:
ssh-add -D
To delete specific key, enter:
ssh-add -d key


To generate a public and private key run this command on your backup server:

sudo ssh-keygen -t rsa

We do not want a passphrase for this key because we want these computers to be able to connect to each other without our intervention. Press “ENTER” through all of the prompts to accept the defaults.

user@backupserver:~#: sudo ssh-keygen –t rsa
Generating public/private rsa key pair.
Enter file in which to save the key (/root/.ssh/id_rsa): 
Enter passphrase (empty for no passphrase): 
Enter same passphrase again: 
Your identification has been saved in /root/.ssh/id_rsa.
Your public key has been saved in /root/.ssh/
The key fingerprint is:
The key's randomart image is:

We now have a public and private key pair that will allow us to sign in to other servers from our backup server. We need to transfer our public key to the machine we will be backing up so that it knows that we are allowed to access it.

sudo ssh-copy-id -i /root/.ssh/

Be sure to change “” to the IP address or domain name of the server you will back up.

Once that command executes, you should check that you are able to log-in to your server from your backup server without a password.

sudo ssh

Once you’ve verified that you can connect correctly, exit out so that you are able to work on your backup server again.


Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.