Public/Private Keys for SSH Authentication

2009 October 26

Most of this information comes from here: HowTos/Network/Securing SSH. I have taken the liberty to cut out the extra stuff and reorganize the information a little bit.

Definitions:

Client – The computer you use to connect to the server

Server – The computer/server you are connecting to via SSH

Client Steps:

Get to your user directory by typing:

  $ cd ~/

Once you are there, check whether you already have a “.ssh” directory; if you do not, create it by typing:

  $ mkdir .ssh

Now you want to set up the key you will use to authenticate yourself to the server, type:

  $ ssh-keygen -t rsa

While this is running, it will ask you for a passphrase and other settings. You should be able to just hit the enter key through the prompts. This way you do not have to enter a password at all when you run the alias you will set up (this will be explained in a minute). Note that an empty passphrase leaves the private key unencrypted on disk, so anyone who can read id_rsa can log in as you.
Once it has finished, this last command will have created two files in your .ssh directory: id_rsa (your private key, which stays on the client) and id_rsa.pub (your public key). These files identify you to the server.
At this point, you need to tell the server who you are by adding yourself to the server’s ‘Authenticated users’ list (its authorized_keys file). You do this by copying your id_rsa.pub file to the server.

  $ scp .ssh/id_rsa.pub user@server.com:/user/

Note: Be sure to replace the words “user” and “server” appropriately in the command above.

Open your .profile (or .bash_profile) file for editing:

  $ nano .profile

Add the following to your .profile file or .bash_profile file to have an alias for your server:

  alias servername="ssh user@server.com"

Note: replace the words to match your server/user

Make sure your current bash shell has the current version of your profile file (replace with correct file):

  $ source .profile

Server Steps:

Once you have SSHed into your server the old-fashioned way, you will need to add yourself to the authenticated users list.
Make sure you are in the user’s home directory and that you have a .ssh folder; if not, create it (see above).
Now, add the content of the id_rsa.pub file to the authorized_keys file in .ssh. If the file exists, this command will append the content of id_rsa.pub to the file. If the file does not exist yet, it will after you run this command:

  $ cat id_rsa.pub >> .ssh/authorized_keys

Once you have concatenated the data, you are almost ready to go. Just make sure the files have the correct permissions:

  $ chmod 700 .ssh
  $ chmod 600 .ssh/authorized_keys

Now, exit out of your ssh session:

  $ exit

Test your Authentication:

To test, just type the name of the alias you set up; it should be whatever you replaced the word “servername” with in the alias definition you created earlier:

  $ servername

This should send you straight through to the server. Voila!
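
The server steps above (append the key, then set the permissions) written as one repeatable function that also refuses a private key and skips a key that is already listed. This is an added example, not part of the original post; the function name install_pubkey and its optional second argument are assumptions made for illustration.

```shell
#!/bin/sh
# install_pubkey PUBKEY_FILE [HOME_DIR]
# Hypothetical helper (not from the original post): adds one public key to
# HOME_DIR/.ssh/authorized_keys and sets the permissions from the steps above.
install_pubkey() {
    pub=$1
    home=${2:-$HOME}
    ssh_dir=$home/.ssh
    auth=$ssh_dir/authorized_keys

    [ -r "$pub" ] || { echo "cannot read $pub" >&2; return 1; }

    # Only id_rsa.pub should ever leave the client. Refuse a file that
    # carries a private-key header (for example id_rsa picked by mistake).
    if grep -q 'PRIVATE KEY' "$pub"; then
        echo "$pub looks like a private key, refusing" >&2
        return 2
    fi

    # A public key is a single line: "<type> <base64> [comment]".
    line=$(head -n 1 "$pub")
    case $line in
        ssh-rsa\ AAAA*|ssh-ed25519\ AAAA*|ecdsa-sha2-*\ AAAA*) ;;
        *) echo "$pub is not an OpenSSH public key" >&2; return 3 ;;
    esac

    # Same modes as the chmod commands in the server steps.
    mkdir -p "$ssh_dir" && chmod 700 "$ssh_dir" || return 4
    touch "$auth" && chmod 600 "$auth" || return 4

    # Append only when this exact line is missing, so repeating the step
    # does not stack duplicate entries the way a bare "cat >>" does.
    grep -qxF -- "$line" "$auth" || printf '%s\n' "$line" >> "$auth"
}

# Usage on the server, after the scp step:
#   install_pubkey id_rsa.pub
```
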
