There are many times when I do not want to keep typing in passwords to log into local servers. Nor do I want to be typing passwords when people are watching. If you run a primarily Linux network like I do, not having to do the traditional login can be a real boon to your use of the systems. So we will need another way to authenticate to the systems we want to use.
Traditionally there were two kinds of authentication: RSA and DSA. RSA should not be used any more. Public key authentication can only be established on a per system / per user basis, i.e. it is not system wide. You will be setting up SSH with DSA public key authentication for SSH version 2 on two machines.
Note: you will need to be able to use the command line/terminal for this project.
Note: For both the server and the client, port 22 should be changed to an unused port number above 1024. Both numbers must be the same unless you are an advanced user. Other settings should be changed as well.
$ sudo vim /etc/ssh/sshd_config
# Package generated configuration file
# See the sshd_config(5) manpage for details
# What ports, IPs and protocols we listen for
Port 22
What do you need?
#1 machine : Client machine with ssh installed
$ sudo apt-get update
$ sudo apt-get install ssh
#2 machine : A remote server with ssh and openssh-server
$ sudo apt-get update
$ sudo apt-get install ssh openssh-server
Setting up the keys.
Generate DSA Key Pair
Use ssh-keygen command as follows:
$ ssh-keygen -t dsa
Output:
Enter file in which to save the key (/home/vivek/.ssh/id_dsa): Press [Enter] key
Enter passphrase (empty for no passphrase): myPassword
Enter same passphrase again: myPassword
Your identification has been saved in /home/vivek/.ssh/id_dsa.
Your public key has been saved in /home/vivek/.ssh/id_dsa.pub.
The key fingerprint is:
04:be:15:ca:1d:0a:1e:e2:a7:e5:de:98:4f:b1:a6:01 vivek@vivek-desktop
Caution: a) Please enter a passphrase different from your account password and confirm the same.
b) The public key is written to /home/you/.ssh/id_dsa.pub.
c) The private key is written to /home/you/.ssh/id_dsa.
d) It is important that you never, ever give out your private key.
Directory set up and key copy to server.
Set directory permission
Next make sure you have correct permission on .ssh directory:
$ cd
$ chmod 755 .ssh
You can work out permission values with the chmod calculator here:
http://www.onlineconversion.com/html_chmod_calculator.htm
Copy public key.
Now copy the file ~/.ssh/id_dsa.pub on Machine #1 (tom) to the remote server as ~/.ssh/authorized_keys. The scp command is an ssh-based network file copy command, and it will copy your public key file in this step. (You will be asked for your password on the server to log in.)
$ scp ~/.ssh/id_dsa.pub user@server:.ssh/authorized_keys
Server Side.
Now that you have the public key copied over to the server, you need to move it to the right place.
What you just did from the client machine:
$ scp ~/.ssh/id_dsa.pub user@jerry:.ssh/authorized_keys
Warning: If you already have an authorized_keys file, this will overwrite it. A safer way:
From client machine
$ scp ~/.ssh/id_dsa.pub user@jerry:.
Server side.
$ cat id_dsa.pub >> .ssh/authorized_keys
Change permissions so only you can see and access it.
$ chmod 600 ~/.ssh/authorized_keys
Note: An authorized_key file (no “s” at the end) is for the old RSA keys.
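The safer append procedure above, written as a small helper to run on the server (an added example, not the author's code; install_pubkey is a hypothetical name, and the 700 directory mode is an assumption that is stricter than the 755 used earlier). It does not depend on the key type, so it also works where the server's OpenSSH (7.0 and later disable ssh-dss by default) requires a key generated with a different -t value.

```shell
#!/bin/sh
# Added example: append a public key to authorized_keys without overwriting it.
# install_pubkey is a hypothetical helper name; run it on the server.
# usage: install_pubkey <pubkey_file> [ssh_dir]   (ssh_dir defaults to ~/.ssh)
install_pubkey() {
    pub=$1
    dir=${2:-$HOME/.ssh}
    auth=$dir/authorized_keys

    [ -r "$pub" ] || { echo "cannot read $pub" >&2; return 1; }

    # Refuse a private key: only the .pub file should ever leave the client.
    if grep -q 'PRIVATE KEY' "$pub"; then
        echo "$pub looks like a private key, refusing" >&2
        return 2
    fi

    # A .pub file holds one line: "<type> <base64 blob> [comment]".
    # OpenSSH key blobs always start with "AAAA" once base64-encoded.
    key=$(grep -E '^[a-z0-9@.-]+ AAAA[A-Za-z0-9+/=]+( .*)?$' "$pub" | head -n 1)
    [ -n "$key" ] || { echo "$pub is not an OpenSSH public key" >&2; return 3; }

    # Owner-only permissions. Assumption: 700 on the directory, which is
    # stricter than the 755 used earlier on this page.
    mkdir -p "$dir" && chmod 700 "$dir" || return 4
    touch "$auth" && chmod 600 "$auth" || return 4

    # If the existing file lacks a final newline, add one so the new key
    # does not get glued onto the last existing entry.
    if [ -s "$auth" ] && [ -n "$(tail -c 1 "$auth")" ]; then
        echo >> "$auth"
    fi

    # Append only when this exact key line is not already present.
    if grep -qxF -- "$key" "$auth"; then
        echo "key already authorized"
    else
        printf '%s\n' "$key" >> "$auth"
        echo "key added"
    fi
}

# Run directly as: sh install_pubkey.sh id_dsa.pub
if [ "$#" -gt 0 ]; then install_pubkey "$@"; fi
```

Running it twice with the same key leaves a single entry, and existing entries in authorized_keys are kept.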
Back to the client.
So that you do not have to keep entering the passphrase:
Type the following command at shell prompt:
$ exec /usr/bin/ssh-agent $SHELL
$ ssh-add
Logging in.
From the command line you could use:
$ ssh user@servername
or
$ ssh user@remote-server.com
or
$ scp file user@servername:/tmp
Now if you try to log in from the client to get to a share, you should not get a second password window.
Tada!!
Good day!
kran balka
Jul 30, 2011 @ 15:41:05
Thank you for this valuable post. It changed my mind. Thank you for this valuable post. It changed my attitude.
http://translate.google.com/translate?u=http%3A%2F%2Fkran-rf.ru%2Fkran_balka&sl=ru&tl=en&hl=&ie=UTF-8
Hack facebook accounts
Aug 01, 2011 @ 18:53:37
This is the second entry I read tonight. And I am on my third. Got to think which one is next. Thank you.
internet radio
Aug 02, 2011 @ 11:51:08
It’s interesting to find how challenging the content side is for some
media player
Aug 02, 2011 @ 12:15:46
I hope this was a very interesting post thanks for writing it!
fresh fm
Aug 02, 2011 @ 14:14:27
Great article. Will definitely copy it to my site. Thanks.
Мусоровоз ГАЗ
Aug 02, 2011 @ 17:50:25
Great article. Will definitely apply it to my blog
создать блог бесплатно
Aug 03, 2011 @ 18:41:45
There’s a wealth of information here. Thanks! I’ll be back for more.
Name withheld
Aug 16, 2011 @ 12:45:48
Thank you very much for that excellent article
uksusoff.ru
Aug 17, 2011 @ 08:23:11
Splendid article.