So this may be a relatively basic topic for some. But for others who don’t know it already, this could save plenty of time and headaches. Here is the situation: you are responsible for managing and maintaining several Linux servers, or you have several servers on your home network (don’t we all?). Each one has the same user account so you can SSH into them, and each time you connect you have to enter a password. Now most of you have a really nasty obfuscated password, right? Or, because you’re a bit lazy, the password is not quite what it should be, such as the name of your dog. Either way, it’s a pain to get around, or way too easy for someone else to do it without you knowing it.
There is an easy way, already built into SSH, that allows you to connect to a known host without using a password and that is still secure and still encrypted: SSH keys. Basically, on your workstation you create a pair of keys for your user, a public key and a private key. The public key is what it sounds like: the key that you can freely distribute to anyone, which can then be used to authenticate you against your private key. The private key, as you just guessed, is for private use and should never be given out to anyone. Now, you can derive public keys from private ones, but you cannot derive private keys from public ones, so no one can recreate your personal private key and pretend to be you. There are other places you can use this key system, such as signing and encrypting email, but that is for another post.
So how do we set this up? Well, first you need to create the key pair. On your workstation, logged in as your standard user (I am using the user Joe as an example), run:
ssh-keygen -t dsa
It will ask you where to save the key; press Enter to accept the default. It will then ask for a passphrase; leave this empty and press Enter, then press Enter again to confirm.
** Now, I know this is not absolutely the most secure way of doing this, but we are going for ease of use right now. We can follow up with some more secure solutions in the future. Again, this is more for managing your home network, which would be secured by a firewall and not publicly available. That means if someone gained access to your workstation, nothing would prevent them from connecting to and mucking with your servers; you have been warned. **
Back to it. You are informed that two keys were created and saved as /home/joe/.ssh/id_dsa (private key) and /home/joe/.ssh/id_dsa.pub (public key). We now need to copy the public key to the server we want to connect to:
scp .ssh/id_dsa.pub joe@server:
Now SSH to the server and append the key to the end of the authorized_keys file:
cat id_dsa.pub >> .ssh/authorized_keys
And remove the original file:
rm -f id_dsa.pub
Finally, make sure that the folder and file have the proper permissions:
chmod 700 .ssh
chmod 644 .ssh/authorized_keys
Exit from the SSH session and try to reconnect; you should connect without being asked for a password. Now, let’s say one of your workstations is a Windows box; you can import your private key into your connection manager. See your manager’s help files on how to do this. As far as Windows connection managers go, you have many choices; the most popular free one is PuTTY. I like to use SecureCRT by VanDyke. It’s a paid product, but it works extremely well and integrates with their other products such as SecureFX, which handles file transfers via FTP and FTP over SSH. Just google around and find one you like.
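The server-side half of the steps above (append the key, clean up, fix permissions), as an added example that is not from the original post: it refuses a file that is not a single public-key line, skips the append if that key is already in authorized_keys, and checks that the permissions end up as the post sets them. The function names install_pubkey, check_perms and count_keys and the home-directory argument are my own choices.

```shell
#!/bin/sh
# Usage: install_pubkey <pubkey-file> [home-dir]  (home-dir defaults to $HOME)
install_pubkey() {
    pub="$1"
    hdir="${2:-$HOME}"
    sshdir="$hdir/.ssh"
    auth="$sshdir/authorized_keys"

    # Accept only a single OpenSSH public-key line (type, base64 blob, comment).
    [ "$(wc -l < "$pub")" -eq 1 ] || { echo "expected one key line in $pub" >&2; return 1; }
    grep -Eq '^(ssh-(dss|rsa|ed25519)|ecdsa-sha2-nistp[0-9]+) ' "$pub" \
        || { echo "unrecognised key type in $pub" >&2; return 1; }

    # The post assumes .ssh already exists on the server; create it if not.
    mkdir -p "$sshdir"
    touch "$auth"

    # Compare the key material (field 2) so a different comment is not a new key.
    keydata="$(awk '{print $2}' "$pub")"
    if awk '{print $2}' "$auth" | grep -qxF "$keydata"; then
        echo "key already present in $auth"
    else
        cat "$pub" >> "$auth"
        echo "key appended to $auth"
    fi

    # Same chmod steps as the post; sshd ignores the file if these are looser.
    chmod 700 "$sshdir"
    chmod 644 "$auth"
}

# Returns 0 when .ssh is 700 and authorized_keys is 644, 1 otherwise.
check_perms() {
    hdir="${1:-$HOME}"
    [ -n "$(find "$hdir/.ssh" -prune -perm 700)" ] || return 1
    [ -n "$(find "$hdir/.ssh/authorized_keys" -prune -perm 644)" ] || return 1
}

# Number of key lines in authorized_keys (lets you confirm nothing was duplicated).
count_keys() {
    grep -Ec '^(ssh-|ecdsa-)' "${1:-$HOME}/.ssh/authorized_keys"
}
```

Run it on the server after the scp step as `install_pubkey id_dsa.pub` and then `check_perms`; the key-type check also accepts rsa, ecdsa and ed25519 keys because OpenSSH 7.0 and later disable ssh-dss by default.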
Stop back sometime as I will be covering some more SSH tricks.