Sunday, July 25, 2004

SSH Public Keys

Continuing with the SSH topics, the next one is the use of public/private key pairs to enable passwordless logins.

One of the benefits of SSH is passwordless login. This is done with public-key authentication: the remote system holds a copy of your public key and, at login, challenges you to prove you hold the matching private key, so no password ever crosses the wire. The ssh-keygen program generates either an RSA or a DSA key pair. The -t option selects the key type (rsa or dsa), and the -b option selects the key size in bits. The default was 1024 when this was written; 2048 or more is the better choice for RSA today, while DSA keys are fixed at 1024 bits and current OpenSSH releases no longer accept them by default, so prefer RSA. The files are created in ~/.ssh by default. Stick with that directory, because the other SSH tools look for keys there.

After typing the command ssh-keygen -t rsa (or -t dsa) you are first asked where to save the key; accept the default of ~/.ssh/id_rsa (or ~/.ssh/id_dsa). You are then asked for a passphrase. The passphrase encrypts the private key on disk, so that someone who steals the file (from a backup, a lost laptop, or a compromised account) still cannot use it. If your system is in a protected environment, typing a passphrase on every login can be tedious; ssh-agent, covered separately, lets you enter it once per session instead.

Think about what kind of environment your system is in before leaving the passphrase blank. A blank passphrase leaves the private key unencrypted, so file permissions are all that protect it: the key must be 0600 on your local machine, and it must never be copied to the remote system. SSH is strict about permissions on both ends: ssh refuses to use a private key that other users can read, and sshd (with StrictModes, which is the default) ignores authorized_keys entirely if your home directory, ~/.ssh or the file itself is writable by group or others.

When ssh-keygen completes, two new files exist: ~/.ssh/id_rsa and ~/.ssh/id_rsa.pub, or id_dsa and id_dsa.pub if you chose DSA. The .pub file is the public key, which is safe to hand out; the other file is the private key, which never leaves your machine.

The final step is to install the public key on the remote system. First log into the remote system and create a .ssh directory in your home directory there with the right permissions; the command ssh user@hostname "mkdir -p .ssh; chmod 0700 .ssh" does this. Next copy ~/.ssh/id_rsa.pub (or id_dsa.pub) into the remote ~/.ssh/authorized_keys; the command scp ~/.ssh/id_rsa.pub user@hostname:.ssh/authorized_keys does this. Note that scp overwrites the file, so if keys are already authorized on that account, append your line to authorized_keys instead, or use ssh-copy-id user@hostname where your OpenSSH installation ships it. The name authorized_keys2 is a leftover from early protocol-2 versions of OpenSSH; authorized_keys is the file to use. Only the .pub file goes to the remote system; the private key stays where it was generated.

From then on, logging into the remote system takes only the command ssh hostname (add user@ in front if your login name differs there). The same applies to scp, since it authenticates through ssh.

If there are any problems, check the permissions on both ~/.ssh/* locally and ~/.ssh/* on the remote host. The private key id_rsa (or id_dsa) exists only on your local machine and must be 0600; ~/.ssh must be 0700 on both ends; authorized_keys should be 0600; and your home directory on the remote host must not be writable by group or others. Running ssh -v hostname shows which keys the client offers and why the server declines them, and on the remote side sshd logs "Authentication refused: bad ownership or modes" when StrictModes rejects a file.
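The steps above as a single script, added here as an example rather than code from the original post. It needs no second machine: a scratch directory stands in for the remote home (on a real host the install step is the ssh and scp commands described above), and it finishes with the permission audit that the ssh client and sshd's StrictModes perform, so you can see why a loose mode on the home directory or on ~/.ssh silently breaks key login. The function names, the paths under mktemp, and the placeholder key line it writes when ssh-keygen is not installed are all constructed for the example.

```shell
#!/bin/sh
# Added example, not from the original post. A scratch directory ($REMOTE)
# plays the remote home so the script runs offline; on a real host replace
# install_pubkey's body with ssh/scp to user@hostname. Paths are hypothetical.
set -eu
umask 077   # new files/dirs default to owner-only, what SSH wants anyway

WORK=$(mktemp -d)
LOCAL="$WORK/local_home"
REMOTE="$WORK/remote_home"
mkdir -p "$LOCAL" "$REMOTE"

# Ten-character mode string from ls (e.g. drwx------); portable where
# "stat -c" (GNU) versus "stat -f" (BSD) is not.
mode_of() { ls -ld "$1" | cut -c1-10; }

# Succeeds when group or others have write permission: exactly what sshd's
# StrictModes rejects on the home directory, ~/.ssh and authorized_keys.
writable_by_others() {
    case "$(mode_of "$1")" in
        ?????w*|????????w?) return 0 ;;
    esac
    return 1
}

# Step 1: generate the key pair in ~/.ssh. -N '' means an empty passphrase,
# acceptable here only because this is a throwaway directory.
gen_key() {
    mkdir -p "$1/.ssh" && chmod 0700 "$1/.ssh"
    if command -v ssh-keygen >/dev/null 2>&1; then
        ssh-keygen -q -t rsa -b 2048 -N '' -f "$1/.ssh/id_rsa"
    else
        # Constructed placeholder so the later steps still run on a box
        # without the ssh client; it is not a usable key.
        printf 'PLACEHOLDER PRIVATE KEY (constructed)\n' > "$1/.ssh/id_rsa"
        printf 'ssh-rsa AAAAB3NzaC1yc2E-constructed-placeholder user@example\n' \
            > "$1/.ssh/id_rsa.pub"
        chmod 0600 "$1/.ssh/id_rsa"
    fi
}

# Steps 2-3: create the remote ~/.ssh and APPEND the public key, so keys that
# are already authorized there survive (scp onto authorized_keys would not).
install_pubkey() {
    mkdir -p "$2/.ssh" && chmod 0700 "$2/.ssh"
    cat "$1/.ssh/id_rsa.pub" >> "$2/.ssh/authorized_keys"
    chmod 0600 "$2/.ssh/authorized_keys"
}

# Audit one home directory. Returns 0 when every check passes, 1 otherwise,
# naming each offending path. Run it on both ends when key login fails.
check_ssh_perms() {
    home="$1"; bad=0
    for d in "$home" "$home/.ssh"; do
        if writable_by_others "$d"; then
            echo "BAD: $d is group/world writable (sshd will ignore the keys)"; bad=1
        fi
    done
    if [ -f "$home/.ssh/authorized_keys" ] && writable_by_others "$home/.ssh/authorized_keys"; then
        echo "BAD: $home/.ssh/authorized_keys is group/world writable"; bad=1
    fi
    # A private key must be owner-only (0600 or 0400); ssh refuses it otherwise.
    for k in "$home/.ssh/id_rsa" "$home/.ssh/id_dsa"; do
        [ -f "$k" ] || continue
        case "$(mode_of "$k")" in
            ????------) ;;
            *) echo "BAD: $k is accessible to group or others"; bad=1 ;;
        esac
    done
    return $bad
}

gen_key "$LOCAL"
install_pubkey "$LOCAL" "$REMOTE"
check_ssh_perms "$LOCAL" && check_ssh_perms "$REMOTE" && echo "permissions OK on both sides"
```

To audit a real account, call check_ssh_perms on the actual home directory (for example check_ssh_perms "$HOME"); the same ten-character mode test works on any Unix ls, and the messages map one-to-one onto the refusals sshd writes to its log.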

Kimmo Suominen has a good overview of the SSH login process. Deadman.org also has a decent overview of the SSH agent.
