ssh

Differences

This shows you the differences between two versions of the page.

ssh [2017/05/19 20:42] deulssh [2020/10/22 12:12] jansen
Line 34: Line 34:
 ====== SSH keys ====== ====== SSH keys ======
 ====Create a key pair==== ====Create a key pair====
-To create the most simple key, with the default encryption, open up a console, and enter the following command:+To create simple key pair, with the default encryption, open up a console, and enter the following command:
  
-  $ ssh-keygen -t dsa +  $ ssh-keygen -t rsa 
-  Generating public/private dsa key pair. +Generating public/private rsa key pair. 
-  Enter file in which to save the key (/home/xxxx/.ssh/id_dsa):  +Enter file in which to save the key (/home/testuser1/.ssh/id_rsa):  
-  Enter passphrase (empty for no passphrase):  +Enter passphrase (empty for no passphrase):  
-  Enter same passphrase again:  +Enter same passphrase again:  
-  Your identification has been saved in /home/xxxx/.ssh/id_dsa+Your identification has been saved in /home/testuser1/.ssh/id_rsa
-  Your public key has been saved in /home/xxxx/.ssh/id_dsa.pub. +Your public key has been saved in /home/testuser1/.ssh/id_rsa.pub. 
-  The key fingerprint is: +The key fingerprint is: 
-  7b:ab:75:32:9e:b6:6c:4b:29:dc:2a:2b:8c:2f:4e:37 xxxx@yyyy+SHA256:lGwwYIBUEvWqjQFSq09qZA/gwE9rnRWTRmKjcg81FIU testuser1@ssh 
 +The key's randomart image is: 
 ++---[RSA 2048]----+ 
 +|.=*++XB=.        | 
 +|o..o=E+*o.       | 
 +|=o.= ...=        | 
 +|*.= * oo         | 
 +|.*.= +  S        | 
 +|o+O              | 
 +|.+.o             | 
 +|.                | 
 +|                 | 
 ++----[SHA256]-----+
  
 When asked for a "passphrase", we won't enter one. Just press enter twice. When asked for a "passphrase", we won't enter one. Just press enter twice.
  
-The ssh-keygen program will now generate both your public and your private key. For the sake of this first simple tutorial I will call these files by their default names "identity" and the public key "identity.pub".+The ssh-keygen program will now generate both your public and your private key. Your keys are stored in the .ssh/ directory in your home directory.
  
-Your keys are stored in the .ssh/ directory in your home directorybut you can store them where ever you'd like.+The file ''id_rsa'' contains your private keyYOU SHOULD GUARD THIS KEY WITH YOUR LIFE! This key is used to gain access on systems which have your private key listed in their authorized keys file. I cannot stress this enough, dont have your keys drifting around. Alsomake sure your private key always is chmod 600, so other users on the system won't have access to it.
  
-The file identity contains your private key. YOU SHOULD GUARD THIS KEY WITH YOUR LIFE! This key is used to gain access on systems which have your private key listed in their authorized keys file. I cannot stress this enough, dont have your keys drifting around. Also, make sure your private key always is chmod 600, so other users on the system won't have access to it.+The file ''id_rsa.pub'' contains your public key, which can be added to other system's authorized keys files.
  
-The file identity.pub contains your public key, which can be added to other system's authorized keys files.+====Simplified version in case of a shared home disk==== 
 +This is how you authorize the key for use within a local network with shared home disk. See below for the general case of accessing a remote system.
  
-====Copy public key to server==== +Simply add the public part of the key to your .ssh/authorized_keys file, and make sure that that file is not accessible for others: 
-To be able to log in to remote systems using your pair of keys, you will first have to add your public key on the remote server to the authorized_keys (for version 1) file, and the authorized_keys2 (for version2) file in the .ssh/ directory in your home directory on the remote machine.+  cat ~/.ssh/id_rsa.pub >> ~/.ssh/authorized_keys 
 +  chmod 600 ~/.ssh/authorized_keys 
 + 
 + 
 +====Copy public key to server. 1. modern and easy, if it works==== 
 +Nowadays, ssh comes with a utility to send a public key to a remote machine (requiring you to log in using your password once, or requiring a previous key to be already in place). This will take care adding the key to the authorized_keys on the remote system. To do this, simply use: 
 +  ssh-copy-id -i id_rsa.pub user@remotehost 
 +Actually, if you only have one key pair, you can leave out the -i and the name of the key to be copied, so this will do: 
 +  ssh-copy-id user@remotehost 
 + 
 +====Copy public key to server. 2. the old way ==== 
 +To be able to log in to remote systems using your pair of keys, you will first have to add your public key on the remote server to the authorized_keys file in the .ssh/ directory in your home directory on the remote machine.
  
 In our example we will assume you don't have any keys in the authorized_keys files on the remote server. (Hint: If you do not have a remote shell, you can always use your own useraccount on your local machine as a remote shell (ssh localhost)) In our example we will assume you don't have any keys in the authorized_keys files on the remote server. (Hint: If you do not have a remote shell, you can always use your own useraccount on your local machine as a remote shell (ssh localhost))
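Review bot: In the added ''id_rsa'' paragraph, "systems which have your private key listed in their authorized keys file" is carried over from the old revision and is wrong: authorized_keys holds the public key, as the added ''id_rsa.pub'' line right after it says, so change "private" to "public" there. In the added ssh-copy-id line, `-i id_rsa.pub` is a relative path that only resolves when the reader is already in ~/.ssh; write `~/.ssh/id_rsa.pub`, as the shared-home section does. The new sample output shows an RSA 2048 key, and the unchanged context line still tells readers to press enter twice at the passphrase prompt while the added paragraph tells them to guard the key; consider showing `-b 4096` or `-t ed25519` and recommending a passphrase together with ssh-agent. The first added line also needs an article: "To create a simple key pair".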
Line 63: Line 87:
 First we will upload the public keys to the remote server: First we will upload the public keys to the remote server:
   $ cd .ssh/   $ cd .ssh/
-  $ scp id_dsa.pub xxxx@zzzz:./id_dsa.pub +  $ scp id_rsa.pub xxxx@zzzz:./id_rsa.pub 
-  id_dsa.pub    100% |*****************************************************|   526       00:00+  id_rsa.pub    100% |*****************************************************|   526       00:00
  
-This will place your keys in your home directory on the remote server. After that we will login on the remote server using ssh or telnet the conventional way... with a password.+This will place your keys in your home directory on the remote server. After that we will login on the remote server using ssh the conventional way... with a password.
  
-When you are logged in you should create a .ssh directory, and inside the .ssh/ directory create an authorized_keys and an authorized_keys2 file and add the keys to the files. Make sure the files are not readable for other users/groups. chmod 600 authorized_keysdoes the trick.+When you are logged in you should create a .ssh directory, and inside the .ssh/ directory create an authorized_keys file and add the keys to the file. Make sure the files are not readable for other users/groups. chmod 600 authorized_keys does the trick.
  
-Placing the key for version 2 works as follows:+Placing the key works as follows:
  
   $ cd .ssh   $ cd .ssh
-  $ touch authorized_keys2 +  $ touch authorized_keys 
-  $ chmod 600 authorized_keys2 +  $ chmod 600 authorized_keys 
-  $ cat ../id_dsa.pub >> authorized_keys2 +  $ cat ../id_rsa.pub >> authorized_keys 
-  $ rm ../id_dsa.pub+  $ rm ../id_rsa.pub
  
 From now on you can login from client yyyy to server zzzz without having to specify a password. From now on you can login from client yyyy to server zzzz without having to specify a password.
  
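Review bot: The command block after "Placing the key works as follows:" starts with `cd .ssh`, but the added paragraph before it tells the reader to create the .ssh directory and no command does so; on a server with no keys yet, which this section assumes, that `cd` fails. Add `mkdir -p ~/.ssh` and `chmod 700 ~/.ssh` ahead of it, because sshd's StrictModes check refuses key login when the directory or authorized_keys is writable by group or others. The surrounding text also says "upload the public keys" and "place your keys" although only the single file id_rsa.pub is copied; the singular "public key" would avoid suggesting that the private key is transferred too.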
ssh.txt · Last modified: 2024/03/14 09:28 by jansen