OpenSSH
How to set up key authentication with OpenSSH.
After this exercise is completed, ssh authentication will use public key authentication instead of prompting for a password each time the connection is established. This is particularly useful if you work with cvs remotely and check in, check out or update your contents frequently.
Always make a proper backup before proceeding.
If OpenSSH has not been installed, from a terminal console on the server, run as root or use sudo:
# apt-get install openssh-server
For the workstation, run as root or use sudo in a terminal console:
# apt-get install openssh-client
2.1 Get Server Key
First we need to get the server public key. We do this by establishing an SSH session with the server using the remote user account, at which point you will be prompted to accept the RSA key.
$ ssh user@server.domain.com
Once the server RSA key is accepted, it is saved in a file named 'known_hosts' in the hidden '.ssh' folder of the user's home directory ('~/.ssh').
After the session is established, you should be on the remote machine in the remote user's home directory. This confirms that ssh and the accounts are working.
2.2 Generate Client Key
From the client machine's home directory, generate the public and private key pair using RSA and store the key pair in the '~/.ssh' directory.
ssh-keygen -q -f .ssh/id_rsa -t rsa
            |  |              |
            |  |              +---- type of key { "rsa1" for SSH1, "rsa" or "dsa" for SSH2.}.
            |  +------------------- key output filename.
            +---------------------- quiet key generation.
$ ssh-keygen -q -f .ssh/id_rsa -t rsa
$ ls ~/.ssh -l
-rw-r--r-- 1 user user 1743 2009-12-01 12:25 id_rsa
-rw-r--r-- 1 user user 418 2009-12-01 12:25 id_rsa.pub
-rw-r--r-- 1 user user 2652 2009-11-10 17:29 known_hosts
This confirms the files are created. But they are readable by everyone, so change the permissions.
chmod go-rwx filename
      ||||||
      |||||+----------- execute permission.
      ||||+------------ write permission.
      |||+------------- read permission.
      ||+-------------- remove the following set of permissions.
      |+--------------- change permission to other people.
      +---------------- change permission to group.
$ chmod go-rwx ~/.ssh/id_rsa*
$ ls ~/.ssh -l
-rw------- 1 user user 1743 2009-12-01 12:25 id_rsa
-rw------- 1 user user 418 2009-12-01 12:25 id_rsa.pub
-rw-r--r-- 1 user user 2652 2009-11-10 17:29 known_hosts
This confirms the permissions are changed.
2.3 Add Public Key to Remote Server
From the client machine, transfer the public key to the remote ssh server.
$ scp ~/.ssh/id_rsa.pub user@server.domain.com:
Now, log in to the remote server and complete the installation. We need to add the public key to 'authorized_keys' in the '~/.ssh' directory of our remote user account. Create the '.ssh' directory if it doesn't exist. The '>>' operator appends to the file and automatically creates it if it doesn't exist.
$ mkdir -p ~/.ssh
$ cat id_rsa.pub >> ~/.ssh/authorized_keys
After we have added the public key to the authorized key list, we don't need the copied public key file anymore, so we remove the extra file 'id_rsa.pub' and set the permissions on 'authorized_keys'.
$ rm ~/id_rsa.pub
$ chmod go-rwx ~/.ssh/authorized_keys
$ ls ~/.ssh -l
-rw------- 1 user user 418 2009-12-01 14:01 authorized_keys
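The server-side steps of 2.3 as one re-runnable function, given here as an added example that is not part of the original page: it creates '~/.ssh' and 'authorized_keys' with owner-only permissions and appends the key only when it is not already listed. The function name install_pubkey and its two arguments are assumptions made for this example.

```shell
#!/bin/sh
# Added example: idempotent form of step 2.3, run on the server.
# install_pubkey is a hypothetical helper name, not an OpenSSH command.
# usage: install_pubkey PUBKEY_FILE [HOME_DIR]
install_pubkey() {
    pub=$1
    home=${2:-$HOME}
    ssh_dir=$home/.ssh
    auth=$ssh_dir/authorized_keys

    [ -r "$pub" ] || { echo "cannot read $pub" >&2; return 1; }

    # Guard against copying the private half of the key pair by mistake.
    if grep -q 'PRIVATE KEY' "$pub"; then
        echo "$pub looks like a private key, refusing" >&2
        return 1
    fi

    # A public key file holds exactly one non-empty line.
    key=$(sed '/^[[:space:]]*$/d' "$pub")
    [ -n "$key" ] && [ "$(printf '%s\n' "$key" | wc -l)" -eq 1 ] ||
        { echo "expected exactly one key line in $pub" >&2; return 1; }

    # Create directory and file owner-only from the start, then enforce
    # the modes in case they already existed with looser permissions.
    old_umask=$(umask)
    umask 077
    mkdir -p "$ssh_dir"
    touch "$auth"
    umask "$old_umask"
    chmod 700 "$ssh_dir"
    chmod 600 "$auth"

    # Append only if this exact line is not already present.
    if grep -qxF -- "$key" "$auth"; then
        echo "key already present in $auth"
    else
        printf '%s\n' "$key" >> "$auth"
        echo "key added to $auth"
    fi
}
```

On the server it would be called as `install_pubkey ~/id_rsa.pub` after the scp step; running it a second time leaves 'authorized_keys' unchanged.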
This is it. We are done.
From a client machine, connect remotely via a terminal.
$ ssh user@server.domain.com
You may get a keystore password prompt the first time you use the key in each session; after that, you won't be prompted again.