HOWTO: SSH with KEYS

So, at work yesterday it was suggested to me that I should setup SSH with keys as to avoid the pain caused by attempts to continually use credentials for specific servers I run.

Doing this might seem daunting to the uninitiated, so here is how I did it between my box and the server I wanted to login with an SSH key instead of regular password. Please note there are some security implications from using SSH keys as opposed to password.

Step 1:  Generate your pair of keys. (2 keys will be made, one for the remote server, and one for your own machine).

ssh-keygen -t dsa

Generating public/private dsa key pair.
Enter file in which to save the key (/home/adam/.ssh/id_dsa): 
Enter passphrase (empty for no passphrase): 
Enter same passphrase again: 
Your identification has been saved in /home/adam/.ssh/id_dsa.
Your public key has been saved in /home/adam/.ssh/id_dsa.pub.
The key fingerprint is:
1d:ab:23:29:9f:d6:7c:3c:39:ab:2b:2c:8f:2f:4d:26 [email protected]

Step 2:  your keys are stored, by default in your ‘users’ .ssh folder or ~

cd ~.ssh; ls -l

-rw-------    1 adam     adam          526 Nov  3 01:21 id_dsa
-rw-r--r--    1 adam     adam          330 Nov  3 01:21 id_dsa.pub

Step 3: Observe your beautiful keys.

— id_dsa is your private key. Keep this on the machine you want to login FROM. Do not share the key otherwise it will allow other people to login to your machine. very bad.

— id_dsa.pub is your public key. This can be added to the system you want to login to authorized_keys2 file.

Step 4: Place the public key on the remote server. I simply used scp from the terminal to copy the public key file to the remote server I want to login to.

scp id_dsa.pub [email protected]:./id_dsa.pub

If it works you’ll see a status bar show 100% , 607bytes, Kb/s 0:00 and the time taken to transfer the file

Step 5: Login to the remote server and make public key ready to be used. It is very important these commands are written in this order.

# switch to home dir and make sure .ssh folder exists
cd ~; mkdir .ssh;
cd .ssh

# make sure that the key file is there
touch authorized_keys2

# add key to authorize_keys2 file

cat ../id_dsa.pub >> authorized_keys2
rm ../id_dsa.pub

Step 6:  Ensure correct permissions on the filesystem for ‘secret’ file

chmod 600 authorized_keys2

Step 7: Login using your new ssh keypair

ssh -2 -v [email protected]
debug1: Trying private key: /Users/adam/.ssh/id_rsa
debug1: Offering DSA public key: /Users/adam/.ssh/id_dsa

Job done!

 

Leave a Reply

Your email address will not be published. Required fields are marked *