[olug] SSH public/private keys

Vincent.Raffensberger at dtn.com
Tue Nov 11 23:38:50 UTC 2003


I'm surprised Brian hasn't disabled key authentication or at least locked 
users' authorized_keys files.
The server is only as secure as its users in this case.

There's certainly a time and place for key authentication though (stub 
networks).

- Sorry, I had to say it.  At least you set it up from a Windows box.




"Eric Penne" <epenne at olug.org>
Sent by: olug-bounces at olug.org
11/11/2003 03:46 PM
Please respond to: Omaha Linux User Group <olug at olug.org>
To: <olug at olug.org>
Subject: [olug] SSH public/private keys

Here is a little howto on using ssh without a password to log in to 
places.

In this case I am using my home PC from my own account so that other
people can't use my account to log into other PCs.

From my home directory I run:

ssh-keygen -t dsa

It asks where to save the file and I say /home/epenne/.ssh/id_dsa

It then asks for a passphrase and to repeat the passphrase.

Then it generates the key.  In my home directory I have .ssh/id_dsa and
.ssh/id_dsa.pub.  I want to put the id_dsa.pub on the computer I will log
in to, in this case olug.org.

scp .ssh/id_dsa.pub epenne@olug.org:.ssh/

I then log into olug.org and mv the file .ssh/id_dsa.pub to
.ssh/authorized_keys.

If authorized_keys is already present then I append the id_dsa.pub file to
authorized_keys.

I log off of olug.org then I try to log back into olug.org and presto! I
don't need a password.

Back to security.  Remember that you don't want to leave the account that
has your private key (.ssh/id_dsa) open to anybody or they could use that
to log in to the server without the password.  You should probably
periodically change these keys.  It isn't that hard and it saves a lot of
typing if you log in to a certain machine many times.

Eric Penne
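
Added example (not part of either message above): the "append to authorized_keys" step from the howto as a shell function that also sets the permissions sshd's StrictModes expects and refuses a private key file. The function name install_pubkey and the sample key line are assumptions made for illustration.

```shell
#!/bin/sh
# Added example. install_pubkey PUBFILE [SSHDIR] appends one public key to
# SSHDIR/authorized_keys (default ~/.ssh). The function name is an assumption.
install_pubkey() {
    pub=$1
    dir=${2:-$HOME/.ssh}
    auth=$dir/authorized_keys

    [ -f "$pub" ] || { echo "no such file: $pub" >&2; return 1; }
    # Never copy the private half (id_dsa) to the server by mistake.
    if grep -q 'PRIVATE KEY' "$pub"; then
        echo "refusing: $pub looks like a private key" >&2
        return 1
    fi
    # A .pub file holds exactly one non-empty line: type, base64 blob, comment.
    key=$(grep -v '^[[:space:]]*$' "$pub" || true)
    lines=$(printf '%s\n' "$key" | wc -l)
    if [ -z "$key" ] || [ "$lines" -ne 1 ]; then
        echo "expected exactly one key line in $pub" >&2
        return 1
    fi

    # sshd's StrictModes (on by default) rejects keys when ~/.ssh or
    # authorized_keys is writable by anyone but the owner.
    mkdir -p "$dir" && chmod 700 "$dir" || return 1
    ( umask 077 && touch "$auth" ) && chmod 600 "$auth" || return 1

    # Append instead of mv so existing keys survive; skip exact duplicates.
    if ! grep -qxF -e "$key" "$auth"; then
        printf '%s\n' "$key" >> "$auth"
    fi
}

# Demo in a scratch directory with a constructed (not real) key line.
demo=$(mktemp -d)
echo 'ssh-dss AAAAB3CONSTRUCTEDSAMPLE epenne@home' > "$demo/id_dsa.pub"
install_pubkey "$demo/id_dsa.pub" "$demo/.ssh"
install_pubkey "$demo/id_dsa.pub" "$demo/.ssh"   # second run adds nothing
ls -la "$demo/.ssh"
rm -rf "$demo"
```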

