SSH keys
From HotDec
This file explains how to use SSH keys to allow you to connect without entering a password.
Contents |
Overview
You will use the 'ssh-keygen' tool to generate a "key pair". One of the keys is private (id_dsa), one public (id_dsa.pub). The private key never leaves the local machine and should be readable by nobody but you. Handing out your private key is like handing out your password. The public key can be shared, and must be appended to '~/.ssh/authorized_keys' to allow ssh-ing into an account without a password. Since you will eventually have several public keys in your .ssh folder, it is good to rename the public key to something more specific. I use the format "id_dsa.pub.<user>.<host>," so my public key looks like "id_dsa.pub.golemon.chronicle."
Below a list of steps to get this working:
Linux Client
- Generate the key pair
- ssh-keygen -t dsa (default path, no passphrase)
- cd .ssh
- mv id_dsa.pub id_dsa.pub.user.localhost
- Upload the public key to the server
- scp id_dsa.pub.user.localhost user@remotehost.org:.ssh/
- Add the public key to the authorized keys list
- ssh user@remotehost.org
- cd .ssh
- cat id_dsa.pub.* > authorized_keys
- chmod 644 authorized_keys
- SSH should no longer require a password)
Windows Client
- Connect to the server
- Generate the key pair
- 'Edit->Settings...->Global Settings->User Authentication->Keys'
- 'Generate New...'
- (DSA, 1024 bit)
- Put the public key in Linux format
- (you can find the key by pressing 'Export')
- remove first two lines, last line, and all line-returns
- the file should be all on one line, nothing but the key
- add "ssh-dss " to the beginning of that line (note the space)
- Follow the Linux Client steps 2-4.
Making the SBC Writable
- mount / -o remount,rw
