Wednesday, December 31, 2008

SSH With Private/Public Keys

If you are sick of typing a password every time you shell into a server, there is a relatively secure way to save a private local key and install a public key on the server to automatically log you in. Here's how to do that.

Step 1 (on client):
ssh-keygen
Generating public/private rsa key pair.
Enter file in which to save the key (~/.ssh/id_rsa): (just type return)
Enter passphrase (empty for no passphrase): (just type return)
Enter same passphrase again: (just type return)
Your identification has been saved in ~/.ssh/id_rsa
Your public key has been saved in ~/.ssh/id_rsa.pub
The key fingerprint is:
Some really long string

Step 2 (all of the servers you connect to):
Paste the content of the local ~/.ssh/id_rsa.pub file into the file ~/.ssh/authorized_keys on any remote host you wish to connect to.

Finally, if you want a very very secure shell, then set a passphrase on the key and disable challenge-response logins in /etc/ssh/sshd_config. This will REQUIRE both a password AND a key to log in FOR ALL USERS. If you lose the key, you'll need console access to log in and install a new key.
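
Step 2 and the server setting above as a small script, added here as an example and not part of the original post. The function names install_pubkey and password_logins_off are hypothetical, and checking PasswordAuthentication alongside the challenge-response setting is an assumption beyond the one setting the post names.

```shell
#!/bin/sh
# Added example, not from the original post. Function names are hypothetical.
# Paths are arguments, so both functions can be tried on copies first.

# install_pubkey PUBKEY_FILE SSH_DIR
# Appends the public key to SSH_DIR/authorized_keys unless that exact line is
# already there, and sets the permissions sshd's StrictModes check expects.
install_pubkey() {
    pub=$1
    dir=$2
    # A private key file contains a "-----BEGIN" header; never install one.
    if grep -q -- '-----BEGIN' "$pub"; then
        echo "refusing: $pub looks like a private key" >&2
        return 1
    fi
    mkdir -p "$dir" && chmod 700 "$dir" || return 1
    auth=$dir/authorized_keys
    touch "$auth" && chmod 600 "$auth" || return 1
    key=$(head -n 1 "$pub")
    # -x matches the whole line, -F treats the key as a fixed string.
    grep -qxF -- "$key" "$auth" || printf '%s\n' "$key" >> "$auth"
}

# password_logins_off SSHD_CONFIG
# Succeeds only if challenge-response and plain password logins are both
# explicitly "no". sshd uses the first occurrence of a keyword, so only that
# one is read; commented-out lines and Match blocks are not evaluated here.
# Newer OpenSSH names the first setting KbdInteractiveAuthentication.
password_logins_off() {
    cfg=$1
    for kw in 'challengeresponseauthentication|kbdinteractiveauthentication' \
              'passwordauthentication'; do
        val=$(awk -v k="$kw" \
            'tolower($1) ~ ("^(" k ")$") { print tolower($2); exit }' "$cfg")
        if [ "$val" != "no" ]; then
            echo "$kw is '${val:-unset}': password logins may still work" >&2
            return 1
        fi
    done
}
```

On the server itself, running sshd -T as root prints the effective settings, including defaults the file does not spell out.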
