Acceso por clave publica a un servidor ssh

ACCESO POR CLAVE PÚBLICA A UN SERVIDOR SSH 1 - Generamos las claves pública y privada:
pepe@A202P00:~$ ssh-keygen -t rsa
Generating public/private rsa key pair.
Enter file in which to save the key (/home/dinux/.ssh/id_rsa): (pulsar enter)
Enter passphrase (empty for no passphrase): egibide
Enter same passphrase again: egibide
Your identification has been saved in /home/pepe/.ssh/id_rsa.
Your public key has been saved in /home/pepe/.ssh/id_rsa.pub.
The key fingerprint is:
03:b2:04:d7:d6:8d:96:b5:e5:82:4a:68:69:95:8d:d9 pepe@A202P00
The key's randomart image is:
+--[ RSA 2048]----+
| . ...B =. . |
| o +* E..+ |
| B.o.. o . |
| + + o . |
| . . S |
| . |
| |
| |
| |

2 - Copiamos la clave pública en el servidor
(minombre.pub)
pepe@A202P00:~$ scp .ssh/id_rsa.pub pepe@172.20.202.112:/home/pepe/.ssh/
The authenticity of host '172.20.202.112 (172.20.202.112)' can't be established.
ECDSA key fingerprint is 2b:11:89:89:84:03:a4:56:1c:15:cb:73:bd:cd:b6:67.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '172.20.202.112' (ECDSA) to the list of known hosts.
pepe@172.20.202.112's password:
id_rsa 100% 1766 1.7KB/s 00:00

3 - Nos conectamos al servidor por ssh

pepe@A202P00:~$ ssh pepe@172.20.202.112
pepe@172.20.202.112's password:


4 - Añadimos la clave pública al fichero authorized_keys y le damos permiso 600 al fichero
pepe@A202P12:~/.ssh$ cd .ssh
pepe@A202P12:~/.ssh$ cat minombre.pub >> authorized_keys
pepe@A202P12:~/.ssh$ chmod 600 authorized_keys

5 - Salimos de la sesión ssh

6 - Activamos en /etc/ssh/ssh_config el parámetro

ForwardAgent yes

7 - Lanzamos el agente

pepe@A202P00:~$ eval `ssh-agent`
Agent pid 7663

8 - Añadimos la clave privada al depósito de claves

pepe@A202P00:~$ ssh-add .ssh/id_rsa
Enter passphrase for .ssh/id_rsa: (pulsar enter)
Identity added: .ssh/id_rsa (.ssh/id_rsa)

9 - Probamos que funciona:

pepe@A202P00:~$ ssh pepe@172.20.202.112