Purchase Linux CDs / DVDs / Flash Drives at OSDisc.com

Welcome to Our Community

While Linux.org has been around for a while, we recently changed management and had to purge most of the content (including users). If you signed up before April 23rd please sign up again. Thanks!

SSH Keys

Discussion in 'Linux Security' started by steelmanronald06, Nov 17, 2011.

  1. There are two machines A and B. The idea is to login (via ssh) from A to B without typing the password that machine B would normally ask for. A is called the client and B is called the server.

    A single command on the client A does this (replace SERVERB by the correct machine name or IP address of server B ):

    ssh-keygen -t dsa -f ~/.ssh/identity && cat ~/.ssh/identity.pub | ssh SERVERB 'sh -c "cat - >>~/.ssh/authorized_keys2 && chmod 600 ~/.ssh/authorized_keys2"'

    Press enter twice. Then it will ask you for password when u run this command but this will be the last time it will ask. After this, you can jump to step 4 below.

    Generate your public and private keys on client A, by running:

    ssh-keygen -t dsa -f ~/.ssh/mykey

    Just hit enter twice for the passphrase query.

    Next, copy your public key on client A to Server B. Run the command:

    cat ~/.ssh/mykey.pub | ssh SERVERB 'sh -c "cat - >>~/.ssh/authorized_keys && chmod 600 ~/.ssh/authorized_keys"'

    It will ask you for your password. Don't worry, this is the last time you will have to type it in.

    This puts your public key on server B, in a special file that holds trusted public keys, and gives it appropriate permissions so that its readable by you only.

    Move your private key to a file ssh looks for by default and make it secret by running this on client A:

    mv ~/.ssh/mykey ~/.ssh/identity && chmod 600 ~/.ssh/identity

    Since this file is like your password, it must be readable by you only.

    You are all set. Now run:

    ssh SERVERB

    And server B should let you login without password.
  2. arran

    arran Guest

    thanks you "steelmanronald06" :)
  3. grvvash

    grvvash Guest

    thanks for solving my problem

Share This Page