This shows you the differences between two versions of the page.
ssh [2017/05/19 20:42] – deul | ssh [2020/10/22 12:12] – jansen | ||
---|---|---|---|
Line 34: | Line 34: | ||
====== SSH keys ====== | ====== SSH keys ====== | ||
====Create a key pair==== | ====Create a key pair==== | ||
- | To create | + | To create |
- | $ ssh-keygen -t dsa | + | $ ssh-keygen -t rsa |
- | Generating public/ | + | Generating public/ |
- | Enter file in which to save the key (/home/xxxx/.ssh/id_dsa): | + | Enter file in which to save the key (/home/testuser1/.ssh/id_rsa): |
- | Enter passphrase (empty for no passphrase): | + | Enter passphrase (empty for no passphrase): |
- | Enter same passphrase again: | + | Enter same passphrase again: |
- | Your identification has been saved in /home/xxxx/.ssh/id_dsa. | + | Your identification has been saved in /home/testuser1/.ssh/id_rsa. |
- | Your public key has been saved in /home/xxxx/.ssh/id_dsa.pub. | + | Your public key has been saved in /home/testuser1/.ssh/id_rsa.pub. |
- | The key fingerprint is: | + | The key fingerprint is: |
- | | + | SHA256:lGwwYIBUEvWqjQFSq09qZA/ |
+ | The key's randomart image is: | ||
+ | +---[RSA 2048]----+ | ||
+ | |.=*++XB=. | ||
+ | |o..o=E+*o. | ||
+ | |=o.= ...= | | ||
+ | |*.= * oo | | ||
+ | |.*.= + S | | ||
+ | |o+O | | ||
+ | |.+.o | | ||
+ | |. | | ||
+ | | | | ||
+ | +----[SHA256]-----+ | ||
When asked for a " | When asked for a " | ||
- | The ssh-keygen program will now generate both your public and your private key. For the sake of this first simple tutorial I will call these files by their default names " | + | The ssh-keygen program will now generate both your public and your private key. Your keys are stored in the .ssh/ directory in your home directory. |
- | Your keys are stored in the .ssh/ directory | + | The file '' |
- | The file identity | + | The file '' |
- | The file identity.pub contains your public | + | ====Simplified version in case of a shared home disk==== |
+ | This is how you authorize the key for use within a local network with shared home disk. See below for the general case of accessing a remote | ||
- | ====Copy public key to server==== | + | Simply add the public part of the key to your .ssh/ |
- | To be able to log in to remote systems using your pair of keys, you will first have to add your public key on the remote server to the authorized_keys | + | cat ~/ |
+ | chmod 600 ~/ | ||
+ | |||
+ | |||
+ | ====Copy public key to server. 1. modern and easy, if it works==== | ||
+ | Nowadays, ssh comes with a utility to send a public key to a remote machine (requiring you to log in using your password once, or requiring a previous key to be already in place). This will take care adding the key to the authorized_keys on the remote system. To do this, simply use: | ||
+ | ssh-copy-id -i id_rsa.pub user@remotehost | ||
+ | Actually, if you only have one key pair, you can leave out the -i and the name of the key to be copied, so this will do: | ||
+ | ssh-copy-id user@remotehost | ||
+ | |||
+ | ====Copy public key to server. 2. the old way ==== | ||
+ | To be able to log in to remote systems using your pair of keys, you will first have to add your public key on the remote server to the authorized_keys file in the .ssh/ directory in your home directory on the remote machine. | ||
In our example we will assume you don't have any keys in the authorized_keys files on the remote server. (Hint: If you do not have a remote shell, you can always use your own useraccount on your local machine as a remote shell (ssh localhost)) | In our example we will assume you don't have any keys in the authorized_keys files on the remote server. (Hint: If you do not have a remote shell, you can always use your own useraccount on your local machine as a remote shell (ssh localhost)) | ||
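Review bot: The new example runs ssh-keygen -t rsa with no size option, and the sample output's randomart header reads RSA 2048, so readers who copy it get whatever default their ssh-keygen picks. Consider stating the size explicitly (for example -t rsa -b 4096) or showing -t ed25519 instead. Separately, the ssh-copy-id line passes a bare id_rsa.pub to -i, which only resolves when the current directory is ~/.ssh; -i ~/.ssh/id_rsa.pub works from anywhere. Minor: "This will take care adding the key" is missing "of".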
Line 63: | Line 87: | ||
First we will upload the public keys to the remote server: | First we will upload the public keys to the remote server: | ||
$ cd .ssh/ | $ cd .ssh/ | ||
- | $ scp id_dsa.pub xxxx@zzzz: | + | $ scp id_rsa.pub xxxx@zzzz: |
- | | + | |
- | This will place your keys in your home directory on the remote server. After that we will login on the remote server using ssh or telnet | + | This will place your keys in your home directory on the remote server. After that we will login on the remote server using ssh the conventional way... with a password. |
- | When you are logged in you should create a .ssh directory, and inside the .ssh/ directory create an authorized_keys | + | When you are logged in you should create a .ssh directory, and inside the .ssh/ directory create an authorized_keys file and add the keys to the file. Make sure the files are not readable for other users/ |
- | Placing the key for version 2 works as follows: | + | Placing the key works as follows: |
$ cd .ssh | $ cd .ssh | ||
- | $ touch authorized_keys2 | + | $ touch authorized_keys |
- | $ chmod 600 authorized_keys2 | + | $ chmod 600 authorized_keys |
- | $ cat ../id_dsa.pub >> | + | $ cat ../id_rsa.pub >> |
- | $ rm ../id_dsa.pub | + | $ rm ../id_rsa.pub |
From now on you can login from client yyyy to server zzzz without having to specify a password. | From now on you can login from client yyyy to server zzzz without having to specify a password. | ||
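Review bot: The command block after "Placing the key works as follows:" starts with cd .ssh, but the paragraph above it tells the reader to create the .ssh directory and no command does so, so on a fresh account the cd fails. Add mkdir -p ~/.ssh and chmod 700 ~/.ssh before the cd; that also covers the "not readable for other users" requirement for the directory itself, since only authorized_keys gets a chmod in these lines.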