[olug] SSH public/private keys
Vincent.Raffensberger at dtn.com
Vincent.Raffensberger at dtn.com
Tue Nov 11 23:38:50 UTC 2003
I'm surprised Brian hasn't disabled key authentication or at least locked
user's authorized_keys file.
The server is only as secure as it's users in this case.
There's certainly a time and place for key authentication though (stub
networks).
-sorry, I had to say it. At least you set it up from a windows box.
"Eric Penne" <epenne at olug.org>
Sent by: olug-bounces at olug.org
11/11/2003 03:46 PM
Please respond to
Omaha Linux User Group <olug at olug.org>
To
<olug at olug.org>
cc
Subject
[olug] SSH public/private keys
Here is a little howto on using ssh without a password to log in to
places.
In this case I am using my home PC from my own account so that other
people can't use my account to log into other PCs.
from my home directory I run:
ssh-keygen -t dsa
It asks where to save the file and i say /home/epenne/.ssh/id_dsa
it then asks for a passphrase and to repeat the passphrase.
Then it generates the key. In my home directory I have .ssh/id_dsa and
.ssh/id_dsa.pub. I want to put the id_dsa.pub on the computer I will log
in to in this case olug.org.
scp .ssh/id_dsa.pub epenne at olug.org:.ssh/
I then log into olug.org and mv the file .ssh/id_dsa.pub to
.ssh/authorized_keys.
If authorized_keys is already present then I append the id_dsa.pub file to
authorized_keys.
I log off of olug.org then I try to log back into olug.org and presto! I
don't need a password.
Back to security. Remember that you don't want to leave the account that
has your private key (.ssh/id_dsa) open to anybody or they could use that
to login to the server without the password. You should probably
periodically change these keys. It isn't that hard and it saves a lot of
typing if you login to a certain machine many times.
Eric Penne
_______________________________________________
OLUG mailing list
OLUG at olug.org
http://lists.olug.org/mailman/listinfo/olug
More information about the OLUG
mailing list