Thursday, June 6, 2013

SSH Public Key Based Authentication


The SSH protocol is recommended for remote login and remote file transfer; it provides confidentiality and integrity for the data exchanged between two computer systems through the use of public key cryptography. The OpenSSH server provides this kind of setup under Linux and is installed by default. This how-to covers generating and using ssh keys for automated usage such as:

  1. Automated login using shell scripts.
  2. Making backups.
  3. Running commands from the shell prompt, etc.

First, log on to your workstation. You will log in, on your local system, AS THE USER you wish to make passwordless ssh connections with.

Task: Generating SSH Keys:
Create the cryptographic Key on Linux / UNIX workstation, enter:
ssh-keygen -t rsa

Assign a passphrase (press the [enter] key twice if you don't want one). This creates two files in the ~/.ssh directory:
  • ~/.ssh/id_rsa : identification (private) key
  • ~/.ssh/id_rsa.pub : public key
Use scp to copy id_rsa.pub (the public key) to the server as the authorized_keys2 file; this is known as installing the public key on the server. Note that scp overwrites the destination file, so any keys already installed on the server in that file are replaced. (authorized_keys2 is an older name that OpenSSH still accepts by default; the rest of this post uses authorized_keys.)
scp .ssh/id_rsa.pub charmal@centura.com:.ssh/authorized_keys2


From the FreeBSD workstation, log in to the server:
ssh centura.com
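The scp step above replaces the server's authorized_keys2 wholesale. As an added example (not part of the original post), here is a small POSIX shell function that installs one public key line into ~/.ssh/authorized_keys on the receiving side without clobbering keys already there, refuses input that does not look like a public key line, and leaves the directory at 0700 and the file at 0600. The HOME_DIR argument, the function names, and the sample key string in the comments are assumptions made for this example; the key blob used in testing is constructed, not a real key.

```shell
#!/bin/sh
# install_authorized_key KEYLINE [HOME_DIR]
# Adds one public key line to HOME_DIR/.ssh/authorized_keys without removing
# keys that are already there, and leaves the directory at 0700 and the file
# at 0600 (what sshd's default "StrictModes yes" expects). HOME_DIR defaults
# to $HOME; the second argument exists so the function can be run against a
# scratch directory. (Example code; not from the original post.)

mode_of() {
    # Octal mode of a path: GNU stat first, BSD/macOS stat as a fallback.
    stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1"
}

install_authorized_key() {
    keyline=$1
    home=${2:-$HOME}
    sshdir="$home/.ssh"
    authfile="$sshdir/authorized_keys"

    # A public key line is "<type> <base64 blob> [comment]". Accept only key
    # types OpenSSH knows (ssh-dss is listed because older id_dsa.pub files
    # start with it, although modern OpenSSH disables DSA by default).
    case $keyline in
        "ssh-rsa "*|"ssh-ed25519 "*|"ssh-dss "*|"ecdsa-sha2-nistp256 "*|"ecdsa-sha2-nistp384 "*|"ecdsa-sha2-nistp521 "*) ;;
        *) echo "refusing: not a recognised public key line" >&2; return 2 ;;
    esac
    keytype=${keyline%% *}
    blob=$(printf '%s\n' "$keyline" | awk '{print $2}')
    case $blob in
        ""|*[!A-Za-z0-9+/=]*) echo "refusing: key blob is not base64" >&2; return 2 ;;
    esac

    # Create the directory and file with tight permissions from the start.
    mkdir -p "$sshdir" && chmod 700 "$sshdir" || return 1
    [ -f "$authfile" ] || (umask 077; : > "$authfile") || return 1
    chmod 600 "$authfile" || return 1

    # Idempotent: match on type and blob only, so re-installing the same key
    # with a different comment does not produce a duplicate entry.
    if awk -v t="$keytype" -v b="$blob" '$1 == t && $2 == b { found = 1 } END { exit !found }' "$authfile"; then
        echo "already installed: $keytype key" >&2
        return 0
    fi
    printf '%s\n' "$keyline" >> "$authfile"
}

# Usage on the server, with the key line copied from the workstation's
# id_rsa.pub:  install_authorized_key "$(cat /tmp/id_rsa.pub)"
```

Unlike scp, this can be run once per key and once per workstation without losing earlier entries, and a typo or a stray line from a terminal paste is rejected instead of silently ending up in authorized_keys.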

Changing the pass-phrase on workstation (if needed):
ssh-keygen -p

Using ssh-agent to avoid repeatedly typing the passphrase
At the FreeBSD workstation type:
ssh-agent $BASH
ssh-add


Type your passphrase.
Now ssh will not prompt for the passphrase when connecting to the server. The above two commands can be added to your ~/.bash_profile file so that the agent is set up as soon as you log in to the workstation.
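Putting `ssh-agent $BASH` straight into ~/.bash_profile starts a fresh agent (and a nested shell) on every login. As an added example, not from the original post, the snippet below is a profile-friendly variant: it reuses an agent that is already reachable through SSH_AUTH_SOCK, starts one only when needed, and loads the key with a bounded lifetime so an unlocked key does not stay available in a forgotten session forever. The one-hour default lifetime and the function names are assumptions for this example; `ssh-agent -s`, `ssh-add -l` and `ssh-add -t` are standard OpenSSH options.

```shell
#!/bin/sh
# Return 0 when $SSH_AUTH_SOCK names a live agent socket, 1 otherwise.
agent_socket_usable() {
    [ -n "${SSH_AUTH_SOCK:-}" ] && [ -S "$SSH_AUTH_SOCK" ]
}

# ensure_ssh_agent [LIFETIME_SECONDS]
# Start an agent only when none is reachable, then load the default key with
# a lifetime after which the agent forgets it (assumption: 3600 s is enough
# for one working session). Meant to be called from ~/.bash_profile or
# ~/.profile; it prompts for the passphrase at most once per agent.
ensure_ssh_agent() {
    lifetime=${1:-3600}
    if ! agent_socket_usable; then
        # ssh-agent -s prints the export lines for SSH_AUTH_SOCK / SSH_AGENT_PID
        eval "$(ssh-agent -s)" >/dev/null || return 1
    fi
    # ssh-add -l exits 0 when identities are loaded, 1 when the agent is empty.
    if ! ssh-add -l >/dev/null 2>&1; then
        ssh-add -t "$lifetime"
    fi
}

# In ~/.bash_profile:   ensure_ssh_agent
```

Because the agent is only started when no usable socket exists, logging in several times (or opening a new terminal under an existing session) shares one agent instead of leaving orphaned ones behind, and `-t` means a key left loaded overnight is no longer usable the next morning.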

Deleting the keys held by ssh-agent

To list keys,
ssh-add -l

To delete all keys,
ssh-add -D

To delete specific key, enter:
ssh-add -d key

Alternative write-up of the same setup:

Setting up SSH public/private keys

SSH (Secure Shell) can be set up with public/private key pairs so that you don't have to type the password each time. Because SSH is the transport for other services such as SCP (secure copy), SFTP (secure file transfer), and other services (CVS, etc), this can be very convenient and save you a lot of typing.



SSH Version 2
On the local machine, type the part that follows the ":~$" prompt. The other lines are what you might see as output or prompts. (Note: DSA keys are disabled by default in OpenSSH 7.0 and later, so on a current system prefer the RSA variant described below.)

  • Step 1:
    :~$ ssh-keygen -t dsa
    Generating public/private dsa key pair.
    Enter file in which to save the key (~/.ssh/id_dsa): (just type return)
    Enter passphrase (empty for no passphrase): (just type return)
    Enter same passphrase again: (just type return)
    Your identification has been saved in ~/.ssh/id_dsa
    Your public key has been saved in ~/.ssh/id_dsa.pub
    The key fingerprint is:
    Some really long string

  • Step 2:
Then, paste the content of the local ~/.ssh/id_dsa.pub file into the file ~/.ssh/authorized_keys on the remote host.
  • RSA instead of DSA
If you want something strong, you could try
:~$ ssh-keygen -t rsa -b 4096

  • Instead of the names id_dsa and id_dsa.pub, it will be id_rsa and id_rsa.pub , etc.
  • The rest of the steps are identical.
  • I followed the exact steps, but ssh still asks me for my password!
  • Check your remote .ssh directory. It should have only your own read/write/access permission (octal 700), and ~/.ssh/authorized_keys itself should be 600. sshd (with its default StrictModes setting) silently ignores the key file when it, the .ssh directory, or your home directory is writable by group or others.

:~$ chmod 700 ~/.ssh
:~$ chmod 600 ~/.ssh/authorized_keys
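To find out which of those permission problems is the one biting you, here is an added shell function (not from the original post) that audits the home directory, ~/.ssh and ~/.ssh/authorized_keys the way sshd's StrictModes check does (nothing may be writable by group or others) and additionally enforces the 700 on ~/.ssh recommended above. The HOME_DIR argument and function names are assumptions for this example.

```shell
#!/bin/sh
# Print the octal mode of a path (GNU stat first, BSD/macOS stat as fallback).
mode_of() {
    stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1"
}

# audit_ssh_perms [HOME_DIR]
# Report every condition that would make sshd (default "StrictModes yes")
# ignore the user's authorized_keys: a missing path, or a home directory,
# .ssh directory or authorized_keys file writable by group/others. Also flags
# a .ssh directory that is not 0700. Returns 0 when all is well, 1 otherwise.
# (Example code; not from the original post.)
audit_ssh_perms() {
    home=${1:-$HOME}
    rc=0
    for p in "$home" "$home/.ssh" "$home/.ssh/authorized_keys"; do
        if [ ! -e "$p" ]; then
            echo "missing: $p"
            rc=1
            continue
        fi
        m=$(mode_of "$p")
        # 022 (octal) = group-write | other-write; the leading 0 makes the
        # shell treat the stat output as octal.
        if [ $((0$m & 022)) -ne 0 ]; then
            echo "writable by group/others (mode $m): $p"
            rc=1
        fi
    done
    if [ -d "$home/.ssh" ]; then
        m=$(mode_of "$home/.ssh")
        if [ $((0$m & 077)) -ne 0 ]; then
            echo "$home/.ssh should be 0700 (is $m)"
            rc=1
        fi
    fi
    return $rc
}

# Usage on the server, as the user who cannot log in with a key:
#   audit_ssh_perms && echo "permissions look fine"
```

Run it on the server side as the affected user; an empty report with exit status 0 means the usual permission causes are ruled out and the problem lies elsewhere (for example the key was pasted into the wrong account or with a line break in the middle).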


SSH Version 1
(Protocol version 1 and rsa1 keys are obsolete and current OpenSSH releases no longer support them; the steps apply only to old installations.)

  • Step 1:
    :~$ cd ~/.ssh
    :~$ ssh-keygen -t rsa1
    Generating public/private rsa1 key pair.
    Enter file in which to save the key (~/.ssh/identity): (just type return) 
    Enter passphrase (empty for no passphrase): (just type return) 
    Enter same passphrase again: (just type return) 
    Your identification has been saved in ~/.ssh/identity
    Your public key has been saved in ~/.ssh/identity.pub
    The key fingerprint is:
    Some really long string



  • Step 2:
    Then, paste the content of the local ~/.ssh/identity.pub file into the file ~/.ssh/authorized_keys on the remote host.