Having a problem setting up SSH on UNIX or Linux systems? Or are you tired of reading big manuals for SSH setups? No problem. I am documenting three simple steps for configuring SSH with RSA authentication. Do it yourself in 5 minutes.
Prerequisite: the remote system needs to have ssh installed and sshd running, with RSA authentication enabled. This is the default configuration, and is typically specified with the option: RSAAuthentication yes in /etc/ssh/sshd_config.
Zeroth step: You will need ssh installed on your computer. Procedures for doing this vary by Linux and/or Unix (or other OS) distribution. Refer to system documentation for details.
1. Create a local RSA key:
$ ssh-keygen
Follow the prompts. This takes a few seconds as your computer gathers entropy from the system.
You will be asked to supply a passphrase; you can elect to choose a null passphrase. I would recommend you *do* supply a passphrase as it provides additional security -- your key is not useful without it. The upside is that you only have to remember this one passphrase for all the systems you access via RSA authentication. You can change the passphrase later with "ssh-keygen -p".
The key is typically stored in your home directory under .ssh/identity. After doing this, a directory listing of ~/.ssh should look like:
-rw------- 1 karsten karsten 528 Aug 4 21:37 identity
-rw-r--r-- 1 karsten karsten 332 Aug 4 21:03 identity.pub
-rw-r--r-- 1 karsten karsten 28106 Jul 26 16:52 known_hosts
2. Copy the public key identity.pub to the hosts you wish to access remotely. You can do this by any method you like; one option is to use scp, naming the key to indicate your present host:
$ scp .ssh/identity.pub remote-user@remote.host:local-host.ssh
e.g.: for my host "navel" I might name the key navel.ssh.
3. Connect to the remote host. You don't have RSA authentication enabled yet, so you'll have to use an old method such as walking up to the terminal or supplying a password. Add the public key you just copied over to the file .ssh/authorized_keys.
$ cat local-host.ssh >> .ssh/authorized_keys
Note the use of two right-angles ">>" -- this will add the contents of local-host.ssh to a preexisting file, or create the file if it does not already exist.
Check the permissions of .ssh/authorized_keys; they must be as below or you won't be able to use RSA authentication:
-rw-r--r-- 1 karsten karsten 334 Aug 4 21:03 authorized_keys
And you're all set!
4. Test the method by logging out of the remote server and trying to connect to it via ssh:
$ ssh remote-user@remote-host
You may be prompted for your RSA key passphrase, but you won't need a remote password to connect to the host. If you are prompted for a password, or your connection is refused, something is wrong, and you'll want to refer to the troubleshooting section below.
You can repeat steps 1 - 3 for each remote host you wish to connect from.
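Step 3 as a repeatable script, added here as an example and not part of the original post: it appends the copied key only if it is not already listed, then checks that nothing is group- or world-writable. The function names, the constructed key line and the chmod 700 on the .ssh directory are assumptions made for this example.

```shell
#!/bin/sh
# Added example (not from the original post). install_pubkey and perms_ok
# are hypothetical helper names; the key line in the demo is constructed.

# install_pubkey KEYFILE SSH_DIR
# Append the key in KEYFILE to SSH_DIR/authorized_keys unless that exact
# line is already present, so running it twice never duplicates a key.
install_pubkey() {
    keyfile=$1
    sshdir=$2
    auth="$sshdir/authorized_keys"

    [ -s "$keyfile" ] || { echo "empty or missing key file: $keyfile" >&2; return 1; }
    key=$(cat "$keyfile")       # $(...) drops any trailing newline

    # Assumption: keep the directory private to the owner (mode 700).
    mkdir -p "$sshdir" && chmod 700 "$sshdir" || return 1
    touch "$auth" || return 1

    # -F: fixed string, -x: match the whole line only
    if ! grep -qxF -e "$key" "$auth"; then
        printf '%s\n' "$key" >> "$auth" || return 1
    fi
    chmod 644 "$auth"           # -rw-r--r--, as in the listing in step 3
}

# perms_ok PATH
# Succeeds only if PATH exists and is not writable by group or others.
perms_ok() {
    [ -e "$1" ] || return 1
    [ -z "$(find "$1" -prune \( -perm -020 -o -perm -002 \) -print)" ]
}

# Demo in a scratch directory, using a constructed (not real) key line.
demo=$(mktemp -d)
echo 'CONSTRUCTED-SAMPLE-KEY-LINE karsten@navel' > "$demo/navel.ssh"
install_pubkey "$demo/navel.ssh" "$demo/.ssh"
install_pubkey "$demo/navel.ssh" "$demo/.ssh"    # second run adds nothing
echo "keys listed: $(wc -l < "$demo/.ssh/authorized_keys" | tr -d ' ')"
perms_ok "$demo/.ssh/authorized_keys" && echo "authorized_keys permissions ok"
perms_ok "$demo/.ssh" && echo ".ssh permissions ok"
rm -rf "$demo"
```

On the remote host the call would be install_pubkey local-host.ssh "$HOME/.ssh".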
More information:
• man ssh
• man ssh-keygen
• man sshd