How to set up SSH certificates on a Fedora 17 client



To generate the key pair (on the local machine)

ssh-keygen -t rsa -b 4096

Copy the public key to the host. I found I first need to restart ssh and execute ssh-add to load the newly created key. Execute the following commands on the local machine:

sudo systemctl restart sshd
ssh-copy-id remote-host

Where remote-host is usually of the format user@host

Finally ssh into the host and edit /etc/ssh/sshd_config to stop passwords being accepted for authorisation

PasswordAuthentication no
KbdInteractiveAuthentication no

I found the second line necessary as without it was still able to connect using connectbot on my phone (details on how to set up certificates for this can easily be found elsewhere)