Note - I have a newer version of this how-to. Please click here
This is a guide on setting up SSH Keys for a UNIX based account. What are SSH keys you ask? They are means of identifying yourself to an SSH server using public-key cryptography and challenge-response authentication. SSH Keys are considered more secure than using passwords to access systems, because user accounts are authenticated by the server without ever having to send your password over the network. If the passwords are not transmitted then they can't be intercepted.
This guide is not for installing or setting up a SSH server. You must have SSH running on your servers in order to get your SSH keys to work. All the examples are take from a Solaris 10 (SPARC) server. This guide should as work on any UNIX based operating system like Linux, BSD and the Mac.
Create you key pair
The ssh-keygen command will generate a public and private keypair. The keys will be stored at ~/.ssh.The basic command looks like this: ssh-keygen -t [dsa|rsa] The -t sets the type of keys used. In the example below I create a rsa key pair.
man@earth> ssh-keygen -t rsa
Enter file in which to save the key (/home/man/.ssh/id_rsa): Press [Enter] key
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /home/man/.ssh/id_rsa.
Your public key has been saved in /home/man/.ssh/id_rsa.pub.
The key fingerprint is:dfhjodfnk
04:be:15:ca:1d:0a:1e:e2:a7:e5:de:98:4f:b1:a6:01
Enter file in which to save the key (/home/man/.ssh/id_rsa): Press [Enter] key
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /home/man/.ssh/id_rsa.
Your public key has been saved in /home/man/.ssh/id_rsa.pub.
The key fingerprint is:dfhjodfnk
04:be:15:ca:1d:0a:1e:e2:a7:e5:de:98:4f:b1:a6:01
Make sure you don't use a blank passphrase. Doing this is very insecure. Having a blank passphrase defeats the purpose of having having the extra security of a key exchange setup. It is also import to never give out your private key, which also compromises security of your account.
Copy public key
Copy you public key to the authorized_keys file on the remote server.
man@earth> scp ~/.ssh/id_rsa.pub moon:~/.ssh/authorized_keys
If your home directory automounts across a lot of servers. You can copy it over with the cat command.
man@earth> cat ~/.ssh/id_rsa.pub >> ~/.ssh/authorized_keys
Setup Agent
At this point, when you login you get prompted for a passphase. To stop this from happening you need to setup a SSH agent. Run the command below and type in your passphare when prompted.
man@earth> eval `ssh-agent`
man@earth> ssh-add
Enter passphrase for /home/man/.ssh/id_rsa:
Identity added: /home/vivek/.ssh/id_dsa (/home/man/.ssh/id_rsa)
man@earth> ssh-add
Enter passphrase for /home/man/.ssh/id_rsa:
Identity added: /home/vivek/.ssh/id_dsa (/home/man/.ssh/id_rsa)
There are other ways to set up the agent such as using the gnome GUI for example. Unfortunately that only works if your running a gnome desktop. If your a VNC user, you should start your VNC server session after starting your agent in the same terminal. This way all your terminals launched in your VNC session, will use the same agent.
One issue with agents is that sometimes you end up running a lot of agents. Run the command below and kill any agents that you are not using, as a good practice.
man@earth> ps -ef | grep agent
References
g-loaded.eu
Symantec: SSH and ssh-agent
If you have any questions or comments please post below.
No comments:
Post a Comment