http://archive.networknewz.com/networknewz-10-20030707AuthenticatingbyPublicKeyOpenSSH.html

Problem

You want to set up public-key authentication between an OpenSSH client and an OpenSSH server.

Solution

On the client, log in to the account you want to use.

Generate a key if necessary. If you want to use these keys within scripts, do not enter a passphrase (leave it blank), but in that case do not share the keys.

    $ mkdir -p ~/.ssh    # If it doesn't already exist
    $ chmod 700 ~/.ssh
    $ cd ~/.ssh
    $ ssh-keygen -t dsa

This gives you a pair of keys in the .ssh folder: id_dsa, the private key (do not disclose or share it), and id_dsa.pub, the public key, which you can share so that you can be identified.

Copy the public key to the remote host:

The best way is to use ssh-copy-id:

    $ ssh-copy-id -i /home/<user>/.ssh/id_dsa.pub <remote-user>@server-name

This copies the public key to the remote server, creating the folders and files as necessary. You can also do this manually with scp.

Try connecting from the client to the server with ssh. You should be prompted for the passphrase instead of the password (or not prompted at all if there is no passphrase).

Alternative way (full manual):

    $ scp -p id_dsa.pub remoteuser@remotehost:
    Password: ********

Log into the remote host and install the public key:

    $ ssh -l remoteuser remotehost
    Password: ********
    remotehost$ mkdir -p ~/.ssh    # If it doesn't already exist
    remotehost$ chmod 700 ~/.ssh
    remotehost$ cat id_dsa.pub >> ~/.ssh/authorized_keys    # Appending
    remotehost$ chmod 600 ~/.ssh/authorized_keys
    remotehost$ mv id_dsa.pub ~/.ssh    # Optional, just to be organized
    remotehost$ logout

Log back in via public-key authentication:

    $ ssh -l remoteuser remotehost
    Enter passphrase for key '/home/smith/.ssh/id_dsa': ********