SSH Keys

Discussion in 'Linux Security' started by steelmanronald06, Nov 17, 2011.

  1. steelmanronald06

    steelmanronald06 Administrator Staff Member Staff Writer

    There are two machines, A and B. The idea is to log in (via ssh) from A to B without typing the password that machine B would normally ask for. A is called the client and B is called the server.

    A single command on the client A does this (replace SERVERB by the correct machine name or IP address of server B):

    Code:
    ssh-keygen -t dsa -f ~/.ssh/identity && cat ~/.ssh/identity.pub | ssh SERVERB 'sh -c "mkdir -p ~/.ssh && chmod 700 ~/.ssh && cat - >>~/.ssh/authorized_keys2 && chmod 600 ~/.ssh/authorized_keys2"'

    Press enter twice. It will ask you for your password when you run this command, but this will be the last time it asks. After this, you can jump to step 4 below.

    Generate your public and private keys on client A, by running:

    Code:
    ssh-keygen -t dsa -f ~/.ssh/mykey

    Just hit enter twice for the passphrase query.

    Next, copy your public key on client A to Server B. Run the command:

    Code:
    cat ~/.ssh/mykey.pub | ssh SERVERB 'sh -c "mkdir -p ~/.ssh && chmod 700 ~/.ssh && cat - >>~/.ssh/authorized_keys && chmod 600 ~/.ssh/authorized_keys"'

    It will ask you for your password. Don't worry, this is the last time you will have to type it in.

    This puts your public key on server B, in a special file that holds trusted public keys, and gives it appropriate permissions so that it's readable by you only.

    Move your private key to a file ssh looks for by default and make it secret by running this on client A:

    Code:
    mv ~/.ssh/mykey ~/.ssh/identity && chmod 600 ~/.ssh/identity

    Since this file is like your password, it must be readable by you only.

    You are all set. Now run:


    Code:
    ssh SERVERB

    And server B should let you log in without a password.
  2. arran

    arran Guest

    Thank you "steelmanronald06" :)
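
Added example (not part of either post above): the server-side step from the first post, `cat - >>~/.ssh/authorized_keys && chmod 600 ~/.ssh/authorized_keys`, written so that it can be rerun without duplicating keys or leaving loose permissions. The function name `install_pubkey`, its arguments and its return codes are hypothetical; it refuses `ssh-dss` keys because OpenSSH has disabled DSA by default since version 7.0.

```shell
#!/bin/sh
# Added example, not from the thread. Hypothetical helper to run on server B.
# install_pubkey PUBKEY_FILE SSH_DIR
#   PUBKEY_FILE  one-line .pub file as written by ssh-keygen
#   SSH_DIR      directory holding authorized_keys, e.g. "$HOME/.ssh"
# Returns 0 if the key is listed afterwards, 1 on bad input or I/O error,
# 2 if the key is DSA.
install_pubkey() {
    pub=$1
    dir=$2
    auth=$dir/authorized_keys
    [ -r "$pub" ] || return 1
    # Fields of a .pub line: key type, base64 key, optional comment.
    ktype='' kdata='' kcomment=''
    read -r ktype kdata kcomment < "$pub" || [ -n "$ktype" ] || return 1
    [ -n "$kdata" ] || return 1
    case $ktype in
        ssh-dss) return 2 ;;  # DSA: disabled by default since OpenSSH 7.0
        ssh-ed25519|ssh-rsa|ecdsa-sha2-nistp*|sk-*@openssh.com) ;;
        *) return 1 ;;
    esac
    (
        umask 077   # new files are never group/world accessible, even briefly
        mkdir -p "$dir" && chmod 700 "$dir" || exit 1
        touch "$auth" && chmod 600 "$auth" || exit 1
        # Already listed (with or without an options prefix)? Then do nothing.
        if awk -v t="$ktype" -v k="$kdata" '
               { for (i = 1; i < NF; i++) if ($i == t && $(i + 1) == k) found = 1 }
               END { exit !found }' "$auth"
        then
            exit 0
        fi
        # If the file's last line lacks a newline, add one so keys do not merge.
        if [ -s "$auth" ] && [ -n "$(tail -c 1 "$auth")" ]; then
            echo >> "$auth" || exit 1
        fi
        printf '%s\n' "$ktype $kdata${kcomment:+ $kcomment}" >> "$auth"
    )
}
```

Copy the `.pub` file to server B first, then call the function there with that file and `"$HOME/.ssh"`; the private key never leaves client A.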
