So, at work yesterday it was suggested to me that I should set up SSH with keys, to avoid the pain of continually typing credentials for specific servers I run.
Doing this might seem daunting to the uninitiated, so here is how I did it between my box and the server I wanted to log in to with an SSH key instead of a regular password. Please note there are some security implications from using SSH keys as opposed to a password.
Step 1: Generate your pair of keys. (2 keys will be made, one for the remote server, and one for your own machine).
ssh-keygen -t dsa
Generating public/private dsa key pair.
Enter file in which to save the key (/home/adam/.ssh/id_dsa):
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /home/adam/.ssh/id_dsa.
Your public key has been saved in /home/adam/.ssh/id_dsa.pub.
The key fingerprint is:
1d:ab:23:29:9f:d6:7c:3c:39:ab:2b:2c:8f:2f:4d:26 [email protected]
Step 2: Your keys are stored by default in your user's .ssh folder, ~/.ssh
cd ~/.ssh; ls -l
-rw------- 1 adam adam 526 Nov 3 01:21 id_dsa
-rw-r--r-- 1 adam adam 330 Nov 3 01:21 id_dsa.pub
Step 3: Observe your beautiful keys.
— id_dsa is your private key. Keep this on the machine you want to log in FROM. Do not share this key; otherwise it will allow other people to log in to your machine. Very bad.
— id_dsa.pub is your public key. This can be added to the authorized_keys2 file on the system you want to log in to.
Step 4: Place the public key on the remote server. I simply used scp from the terminal to copy the public key file to the remote server I want to log in to.
scp id_dsa.pub [email protected]:./id_dsa.pub
If it works, you’ll see a status bar showing 100%, 607 bytes, Kb/s, 0:00 and the time taken to transfer the file.
Step 5: Log in to the remote server and make the public key ready to be used. It is very important that these commands are run in this order.
# switch to home dir, make sure .ssh folder exists, and move into it
cd ~; mkdir -p .ssh; cd .ssh
# make sure that the key file is there
ls -l ../id_dsa.pub
# add key to authorized_keys2 file
cat ../id_dsa.pub >> authorized_keys2
Step 6: Ensure correct permissions on the filesystem for the ‘secret’ file
chmod 600 authorized_keys2
Step 7: Log in using your new ssh keypair
ssh -2 -v [email protected]
debug1: Trying private key: /Users/adam/.ssh/id_rsa
debug1: Offering DSA public key: /Users/adam/.ssh/id_dsa
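
Steps 5 and 6 can be wrapped in one function that is safe to re-run: it refuses a private key copied over by mistake, appends the public key only if it is not already listed, and sets owner-only permissions on both the folder and the file. This is an added example, not part of the original walkthrough; the function name install_pubkey and its optional HOME_DIR and AUTH_NAME arguments are assumptions introduced here so it can be tried in a scratch directory.

```shell
#!/bin/sh
# Added example (not the author's code). Run on the remote server after step 4.
# Usage: install_pubkey PUBFILE [HOME_DIR] [AUTH_NAME]
#   HOME_DIR and AUTH_NAME are hypothetical parameters for testing;
#   they default to $HOME and the authorized_keys2 name used on this page.
install_pubkey() {
    pub=$1
    home=${2:-$HOME}
    name=${3:-authorized_keys2}
    sshdir=$home/.ssh
    auth=$sshdir/$name

    [ -r "$pub" ] || { echo "cannot read $pub" >&2; return 1; }

    # Refuse anything that looks like a private key (id_dsa sent instead of id_dsa.pub).
    if grep -q 'PRIVATE KEY' "$pub"; then
        echo "$pub looks like a private key; refusing" >&2
        return 2
    fi

    # Expect exactly one non-empty line of the form "<type> <base64> [comment]".
    [ "$(grep -c . "$pub")" -eq 1 ] || { echo "expected one key line" >&2; return 3; }
    grep -Eq '^(ssh-|ecdsa-|sk-)[a-z0-9@.-]+ [A-Za-z0-9+/=]+( .*)?$' "$pub" ||
        { echo "not a public key line" >&2; return 3; }

    # Create the folder and file owner-only from the start.
    (
        umask 077
        mkdir -p "$sshdir" && touch "$auth"
    ) || return 4

    # Append only if this exact line is not already present.
    key=$(grep . "$pub")
    grep -qxF -- "$key" "$auth" || printf '%s\n' "$key" >> "$auth"

    # sshd's StrictModes check rejects group- or world-writable key files and folders.
    chmod 700 "$sshdir" && chmod 600 "$auth"
}
```

On the server from step 4 this would be called as: install_pubkey ~/id_dsa.pub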