Introduction to SSH public keys
Sunday, 11 October 2009 18:37

Now that I've got a nice shiny VPS setup, I'd like an easier way to ssh into the virtual machine without having to retype my massive random character password.

An SSH public key is the perfect solution.

Client configuration

The first step in the process is to create the .ssh folder on your local machine, which is where the operating system looks for the client part of the SSH key.

mkdir ~/.ssh

Next, create the key using ssh-keygen. You'll be prompted to enter a pass-phrase, and at this point you have two choices: enter a pass-phrase, which you will then be prompted for every time you use ssh to connect to your remote server, or leave it blank and just press enter to permit password-free SSH logins. The risk with leaving it blank is that if your PC is stolen or compromised, an attacker will be able to extract the private key and use it to connect to your server without a password.

ssh-keygen -f ~/.ssh/id_rsa -t rsa

Set the correct rights to your home folder, the .ssh folder and your key files or SSH will complain and not use the keys.

chmod 755 ~/
chmod 700 ~/.ssh
chmod 600 ~/.ssh/*

Then, copy the public key to the remote machine using scp, making sure to replace <root> with the name of the remote machine's root user and <server> with either its URL or IP address. Don't forget the colon ":" at the end of the line, or scp won't copy the file to the remote machine.

scp ~/.ssh/id_rsa.pub <root>@<server>:

Server configuration

Now, connect to the server using SSH as you normally would and create the .ssh folder in the root user's home.

mkdir ~/.ssh

The scp command copied the public key file, id_rsa.pub, into the root user's home folder. The contents of this file need to be appended to any existing keys in the authorized_keys file, which is located in the .ssh folder, and then the original file should be deleted.

cat ~/id_rsa.pub >> ~/.ssh/authorized_keys
rm ~/id_rsa.pub

As with the client machine, set the server's permissions correctly or SSH will complain.

chmod 700 ~/.ssh
chmod 600 ~/.ssh/authorized_keys
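
The server-side steps above, gathered into one script as an added example (this is not code from the original post). It does what the cat/rm/chmod sequence does, with two additions a practitioner usually wants: the append is skipped if the exact key line is already present, so running it twice does not leave duplicate entries, and a check function verifies the home, .ssh and authorized_keys modes the post says SSH insists on. The home directory path is a parameter, and the public key line used in the demonstration is a constructed placeholder, not a real key.

```shell
#!/bin/sh
# Added example, not from the original post. Installs a public key line into
# a user's authorized_keys idempotently and verifies the permissions SSH
# requires. Paths are parameters; the key below is a constructed placeholder.

# Constructed placeholder, not a real public key.
EXAMPLE_PUBKEY='ssh-rsa AAAAEXAMPLEKEYNOTREAL user@laptop'

# Append PUBKEY_LINE to HOME_DIR/.ssh/authorized_keys unless an identical
# line is already there, creating the directory and fixing modes on the way.
install_authorized_key() {
    home_dir=$1
    pubkey_line=$2
    ssh_dir="$home_dir/.ssh"
    auth_keys="$ssh_dir/authorized_keys"

    mkdir -p "$ssh_dir"
    chmod 700 "$ssh_dir"
    touch "$auth_keys"
    chmod 600 "$auth_keys"

    # -F: fixed string, -x: whole line; a plain "cat >>" would add a second
    # copy every time the script is re-run.
    if ! grep -qFx -- "$pubkey_line" "$auth_keys"; then
        printf '%s\n' "$pubkey_line" >> "$auth_keys"
    fi
}

# Symbolic mode string of a path, e.g. "drwx------" (portable across
# GNU and BSD ls, unlike the stat options).
mode_of() {
    ls -ld -- "$1" | cut -c1-10
}

# Return 0 if the modes match what the post requires, 1 otherwise, naming
# the first failing path on stderr.
check_ssh_perms() {
    home_dir=$1
    # Position 6 is group write, position 9 is other write: both must be "-".
    case "$(mode_of "$home_dir")" in
        d????-??-?) ;;
        *) echo "home dir $home_dir is group/world writable" >&2; return 1 ;;
    esac
    [ "$(mode_of "$home_dir/.ssh")" = "drwx------" ] ||
        { echo "$home_dir/.ssh is not mode 700" >&2; return 1; }
    [ "$(mode_of "$home_dir/.ssh/authorized_keys")" = "-rw-------" ] ||
        { echo "$home_dir/.ssh/authorized_keys is not mode 600" >&2; return 1; }
    return 0
}

# Number of key lines currently authorised for a home directory.
count_authorized_keys() {
    grep -c -- '^ssh-' "$1/.ssh/authorized_keys"
}

# Demonstration on a throw-away home directory.
demo_home=$(mktemp -d)
install_authorized_key "$demo_home" "$EXAMPLE_PUBKEY"
install_authorized_key "$demo_home" "$EXAMPLE_PUBKEY"   # second run adds nothing
echo "keys installed: $(count_authorized_keys "$demo_home")"   # 1
check_ssh_perms "$demo_home" && echo "permissions OK"
rm -rf "$demo_home"
```

To use it against a real account, call install_authorized_key with the account's home directory (for example "$HOME" after logging in as root on the server) and the contents of the id_rsa.pub that scp delivered, then delete the copied file as the post describes. The check function is also handy on its own when SSH silently falls back to asking for a password, which is the symptom of a wrong mode on any of the three paths.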

Connecting to the server

That's pretty much all there is to setting up a public key. You should now be able to connect to the server by simply issuing the following command. If you didn't enter a pass-phrase when you created the key pair, then you won't be asked for a password when connecting to your remote server.

ssh <root>@<server>

Agent admitted failure?

If you are using Ubuntu, you might be unlucky enough to see the following error when you try to use your SSH public keys.

Agent admitted failure to sign using the key.

This is caused by a bug as documented here, and can be worked around using the following command to remove ssh from the keyring. You'll need to logout and back in or reboot for the change to take effect.

gconftool-2 --set -t bool /apps/gnome-keyring/daemon-components/ssh false