We show the steps to connect remotely from one computer to another via SSH without typing a password. To do so, we use public key authentication based on RSA (Rivest–Shamir–Adleman) encryption.
In the article "How to connect through SSH to a device that is in the same network", we show how to connect via SSH in a local network. Similarly, in the article "How to connect through SSH to a remote device that is not in the same network", we show how to do it when the devices belong to different networks. In both cases, however, SSH requires typing the remote user's password. This can be a nuisance if you are constantly connecting to the same device; a more efficient method is to use public key authentication.
In this example we consider two devices that belong to different networks. Fig. 1 depicts this system, where the devices are called office and hp. Our goal is to connect from the office device to the hp device using public key authentication, thus avoiding the use of the password of ortiz@hp.
A summary of this article with some extra info appears in the following video:
The steps to follow are:
1. Create the SSH key pair
In the office device, we go to the .ssh directory:
cd ~/.ssh
If it does not exist, we create it with the appropriate permissions:
mkdir ~/.ssh && chmod 700 ~/.ssh
In the .ssh directory we type:
ssh-keygen -t rsa -N "" -f nepy.key
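Two keys are created: the private key nepy.key, which stays on the office device, and the public key nepy.key.pub. The option -N "" sets an empty passphrase, so nepy.key is stored unencrypted and anyone who can read that file can authenticate with it. Listing the directory shows both files: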
ls
known_hosts nepy.key nepy.key.pub
2. Copy the public key to the remote device
We connect via SSH to the remote device. To do this in the terminal we type:
ssh ortiz@87.123.243.210 -p 1132
In your case you must choose your username and the corresponding IP and external port. Details about this configuration are given in the article "How to connect through SSH to a remote device that is not in the same network". If you use a domain name, just replace the IP with that name. Details on how to set a domain name are given in the article "How to configure a free domain name for a dynamic IP". Once you are connected to ortiz@hp, go to the .ssh directory:
cd ~/.ssh
If it does not exist, we create it just as we did previously in the office device. In this directory, we create the file authorized_keys (if it does not exist):
touch authorized_keys && chmod 600 authorized_keys
We close the session (Ctrl + D) to go back to the office device. In it, we go to the .ssh directory and type the following:
ssh-copy-id -i nepy.key.pub -p 1132 ortiz@87.123.243.210
With this, the public key, nepy.key.pub, has been copied to the authorized_keys file at ortiz@hp. Note that you can add multiple keys to the authorized_keys file; this is common if you want to access ortiz@hp from multiple devices.
3. Access the remote device
Public key authentication is now set up. To access ortiz@hp, we type the following:
ssh -i ~/.ssh/nepy.key ortiz@87.123.243.210 -p 1132
In this case, no password is required to access ortiz@hp. We have achieved direct access thanks to public key authentication. If you want to simplify the access further, there are two methods that you can consider. To understand them, I invite you to read the articles: i) "How to connect through SSH without typing the access parameters: The bash alias" and ii) "How to connect through SSH without typing the access parameters: The config file."
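As an added example (not part of the original article), the following shell functions do by hand what step 2 does on the hp side: they append a public key to authorized_keys only once, with the 700/600 modes used above, and then audit those modes. The function names mode_of, install_pubkey and audit_ssh_dir are hypothetical helpers introduced here.

```bash
#!/bin/sh
# Added example: the remote-side part of step 2 done by hand, plus a mode audit.
# sshd with StrictModes (the default) rejects key authentication when
# authorized_keys or its directory is writable by group or others; the
# article's 700/600 modes avoid that.
# Usage on hp: install_pubkey nepy.key.pub ~/.ssh && audit_ssh_dir ~/.ssh

# Print the octal mode of a path (GNU stat first, BSD stat as fallback).
mode_of() {
    stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1"
}

# install_pubkey PUBKEY_FILE SSH_DIR
# Append the key to SSH_DIR/authorized_keys unless that exact line is present.
install_pubkey() {
    pub=$1; dir=$2
    [ -s "$pub" ] || { echo "no public key in $pub" >&2; return 1; }
    # Refuse a private key passed by mistake (nepy.key instead of nepy.key.pub).
    if grep -q 'PRIVATE KEY' "$pub"; then
        echo "$pub looks like a private key" >&2
        return 1
    fi
    mkdir -p "$dir" && chmod 700 "$dir" || return 1
    auth=$dir/authorized_keys
    touch "$auth" && chmod 600 "$auth" || return 1
    key=$(head -n 1 "$pub")
    grep -qxF -- "$key" "$auth" || printf '%s\n' "$key" >> "$auth"
}

# audit_ssh_dir SSH_DIR
# Return 0 if the modes match the article's (700 for the directory, 600 for
# authorized_keys and *.key private keys); print each mismatch and return 1.
audit_ssh_dir() {
    dir=$1; rc=0
    [ "$(mode_of "$dir")" = 700 ] || { echo "$dir: expected mode 700"; rc=1; }
    for f in "$dir"/authorized_keys "$dir"/*.key; do
        [ -e "$f" ] || continue
        [ "$(mode_of "$f")" = 600 ] || { echo "$f: expected mode 600"; rc=1; }
    done
    return $rc
}
```

Running install_pubkey twice with the same key leaves a single line in authorized_keys, so repeating step 2 does not accumulate duplicates.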