This post goes through the steps to set up public and private SSH keys on your local and remote machine. It assumes SSH is installed on both machines. You can use the same public key on multiple remote machines to get public/private key access to each of them. This allows you to turn off password access to a remote machine, thus making it more secure.
The (made up) machines used are as follows:
Local host: MrBrightside
Remote host: murdoch
Generate ssh keys:
john@MrBrightside:~$ ssh-keygen -t rsa -b 1024 -f john_MrBrightside
Generating public/private rsa key pair.
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in john_MrBrightside.
Your public key has been saved in john_MrBrightside.pub.
The key fingerprint is:
ee:da:fd:be:89:44:74:52:10:d2:90:e7:dd:14:d9:31
Create local .ssh folder and copy keys to it:
john@MrBrightside:~$ mkdir .ssh
john@MrBrightside:~$ chmod 700 .ssh
john@MrBrightside:~$ cp john_MrBrightside* .ssh/
john@MrBrightside:~$ cd .ssh/
john@MrBrightside:~/.ssh$ cp john_MrBrightside identity
Copy public key to remote host:
john@MrBrightside:~/.ssh$ scp john_MrBrightside.pub murdoch:~/
The authenticity of host 'murdoch (xx.xx.xx.xx)' can't be established.
RSA key fingerprint is 48:2a:43:9c:0e:5f:91:d6:e4:fd:e6:0b:68:b3:6b:2e.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added 'murdoch' (RSA) to the list of known hosts.
Warning, this system will not accept password ssh logins for much longer.
Please create and upload you ssh keys now.
john@murdoch's password:
john_MrBrightside.pub 100% 227 0.2KB/s 00:00
SSH on to remote host:
john@MrBrightside:~/.ssh$ ssh john@murdoch
Warning, this system will not accept password ssh logins for much longer.
Please create and upload you ssh keys now.
john@murdoch's password:
Last login: Wed Oct 12 21:53:01 2005 from xx.xx.xx.xx
Create .ssh folder on remote host:
john@murdoch:~$ mkdir .ssh
john@murdoch:~$ chmod 700 .ssh
Append the public key to the file authorized_keys2 (this also creates the file if it does not exist yet):
john@murdoch:~$ cp john_MrBrightside.pub .ssh/
john@murdoch:~$ cd .ssh/
john@murdoch:~/.ssh$ cat john_MrBrightside.pub >> authorized_keys2
If the file was newly created, ensure authorized_keys2 has the correct permissions:
john@murdoch:~/.ssh$ chmod 600 authorized_keys2
.ssh folder should look like this:
john@murdoch:~/.ssh$ ls -la
total 16
drwx------ 2 john john 4096 2005-10-28 17:36 .
drwxr-xr-x 5 john john 4096 2005-10-28 17:35 ..
-rw------- 1 john john 227 2005-10-28 17:36 authorized_keys2
-rw-r--r-- 1 john john 227 2005-10-28 17:35 john_MrBrightside.pub
Now exit and test!
john@murdoch:~/.ssh$ exit
john@MrBrightside:~/.ssh$ ssh murdoch
Warning, this system will not accept password ssh logins for much longer.
Please create and upload you ssh keys now.
Last login: Fri Oct 28 17:35:23 2005 from xx.xx.xx.xx
john@murdoch:~$
If you can access the remote host without entering a password (unless the password is for your personal keyring), then it has worked. You can then switch off password logins on the remote host to make it more secure.
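As an added example (not part of the original post), this shell function audits a .ssh directory against the modes used in the steps above: 700 on the directory, 600 on authorized_keys2, and owner-only access on private key files such as identity. The function names audit_ssh_dir and perm_bits are made up for this example.

```shell
# Added example, not from the original post. audit_ssh_dir and perm_bits
# are names made up for this sketch.

# Print the nine permission characters of a path, e.g. "rwx------".
perm_bits() {
    ls -ld -- "$1" | cut -c2-10
}

# audit_ssh_dir DIR
# Prints one line per finding; returns 0 when clean, 1 otherwise.
audit_ssh_dir() {
    dir=$1
    bad=0
    if [ ! -d "$dir" ]; then
        echo "MISSING: $dir is not a directory"
        return 1
    fi
    # The post sets the directory to 700 (owner only).
    bits=$(perm_bits "$dir")
    if [ "$bits" != "rwx------" ]; then
        echo "DIR: $dir is $bits, expected rwx------ (chmod 700)"
        bad=1
    fi
    for f in "$dir"/*; do
        [ -f "$f" ] || continue
        bits=$(perm_bits "$f")
        case ${f##*/} in
            authorized_keys|authorized_keys2)
                kind="AUTHORIZED_KEYS" ;;
            *.pub)
                continue ;;   # public keys may be world-readable
            *)
                # Private keys start with a "-----BEGIN ... PRIVATE KEY-----" line.
                head -n 1 "$f" | grep -q 'PRIVATE KEY' || continue
                kind="PRIVATE_KEY" ;;
        esac
        # Both kinds must give group and others no access (chmod 600).
        case $bits in
            ???------) ;;
            *) echo "$kind: $f is $bits, expected rw------- (chmod 600)"; bad=1 ;;
        esac
    done
    return "$bad"
}
```

Run it as audit_ssh_dir ~/.ssh on both the local and the remote host before switching off password logins.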