SSH Keys
From CS Wiki
This Howto explains how to set up SSH keys to securely enable passwordless login.
Mac
Step 1 - Generate key pair
Start Console located in Applications->Utilities. Then run this command:
ssh-keygen -t rsa
First it will ask you which file to save the key to. Just hit the Return key; the default will be fine. It will then ask you for a passphrase. Choose any passphrase, but do not leave it empty, and choose something you will remember. It will then ask you for the same passphrase again for confirmation.
This generates two files, id_rsa and id_rsa.pub. id_rsa is your private key. Under no circumstances should this file ever leave your machine. If anyone gets their hands on it, they can log into anything you can. The second, id_rsa.pub, is your public key. This file is safe to pass around, as the information it contains is harmless.
Step 2 - Copy public key
Now we need to get the public key generated in Step 1 to your linux account. To do this, we will use scp. Issue this command to copy your public key to linux:
scp ~/.ssh/id_rsa.pub linux.cs.mtsu.edu:
This will copy the file over to linux.cs.mtsu.edu and put it in your home directory there.
Step 3 - Save public key
Now ssh into the linux row. For information on how to do this, consult the linux row page. Now issue this command:
cat ~/id_rsa.pub >> ~/.ssh/authorized_keys
This will place your public key into the authorized_keys file. Whenever someone tries to authenticate to your account with ssh, sshd (the ssh server program) will check whether the connecting computer holds the private key that matches one of the public keys in the authorized_keys file. Now you can remove the id_rsa.pub file with:
rm ~/id_rsa.pub
Log out of Linux row with this command:
exit
Step 4 - Cache passphrase
Now we need to cache the passphrase that protects the private key. To do this, use the program SSHKeychain located at http://www.sshkeychain.org/. When this program is launched, it will request the passphrase you gave ssh-keygen earlier. After you enter the passphrase, it will store it in Apple's Keychain built into OS X. Now you can ssh into linux.cs.mtsu.edu without entering a password.
Linux
Step 1 - Generate key pair
Open your favorite terminal emulator. Then run this command:
ssh-keygen -t rsa
First it will ask you which file to save the key to. Just hit the Return key; the default will be fine. It will then ask you for a passphrase. Choose any passphrase, but do not leave it empty, and choose something you will remember. It will then ask you for the same passphrase again for confirmation.
This generates two files, id_rsa and id_rsa.pub. id_rsa is your private key. Under no circumstances should this file ever leave your machine. If anyone gets their hands on it, they can log into anything you can. The second, id_rsa.pub, is your public key. This file is safe to pass around, as the information it contains is harmless.
Step 2 - Copy public key
Now we need to get the public key generated in Step 1 to your linux account. To do this, we will use scp. Issue this command to copy your public key to linux:
scp ~/.ssh/id_rsa.pub linux.cs.mtsu.edu:
This will copy the file over to linux.cs.mtsu.edu and put it in your home directory there.
Step 3 - Save public key
Now ssh into the linux row. For information on how to do this, consult the linux row page. Now issue this command:
cat ~/id_rsa.pub >> ~/.ssh/authorized_keys
This will place your public key into the authorized_keys file. Whenever someone tries to authenticate to your account with ssh, sshd (the ssh server program) will check whether the connecting computer holds the private key that matches one of the public keys in the authorized_keys file. Now you can remove the id_rsa.pub file with:
rm ~/id_rsa.pub
Step 4 - Cache passphrase
Log out of linux row with this command:
exit
Now we need to cache the passphrase that protects the private key. To do this, use keychain. The source for keychain is located at http://dev.gentoo.org/~agriffis/keychain/. However, your package manager undoubtedly has it in its repositories. After you have it installed, add these lines to your ~/.bash_profile:
/usr/bin/keychain ~/.ssh/id_rsa
. ~/.keychain/`hostname`-sh > /dev/null
Many shell configurations are available. If you take a look in ~/.keychain, you'll notice several files with formats for different shells. This will reduce the number of times you have to enter your passphrase to once every reboot.
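Step 3 in the Mac and Linux sections appends the key with cat, which fails if ~/.ssh does not exist yet and leaves file permissions unchecked. The following is an added example, not part of the original wiki page: a shell function that refuses a private key, sets the modes sshd expects, and appends the key only once. The names install_pubkey and demo are hypothetical, and the key used in demo is constructed, not a real key.

```shell
#!/bin/sh
# Added example: safer version of "cat ~/id_rsa.pub >> ~/.ssh/authorized_keys".
# install_pubkey and demo are hypothetical names, not part of OpenSSH.
# Usage: install_pubkey <pubkey-file> [home-dir]
install_pubkey() {
    pub=$1
    home=${2:-$HOME}
    dir=$home/.ssh
    auth=$dir/authorized_keys

    [ -r "$pub" ] || { echo "cannot read $pub" >&2; return 1; }

    # Refuse a private key: id_rsa must never leave the client machine.
    if grep -q 'PRIVATE KEY' "$pub"; then
        echo "$pub looks like a private key; refusing" >&2
        return 2
    fi

    # Accept exactly one line of the form "<type> <base64> [comment]".
    [ "$(grep -c '' "$pub")" -eq 1 ] &&
    grep -Eq '^(ssh-rsa|ssh-ed25519|ecdsa-sha2-[a-z0-9-]+) [A-Za-z0-9+/]+=*( .*)?$' "$pub" ||
        { echo "$pub is not a one-line public key" >&2; return 3; }

    # With StrictModes (the sshd default), authorized_keys is not used
    # when the file or its directory is writable by group or others.
    mkdir -p "$dir" && chmod 700 "$dir" || return 4
    touch "$auth" && chmod 600 "$auth" || return 4

    # Append only if the exact line is not already present, so running
    # the step twice does not duplicate the entry.
    key=$(cat "$pub")
    grep -qxF -- "$key" "$auth" || printf '%s\n' "$key" >> "$auth"
}

# Demo on a constructed (not real) key in a throwaway directory.
# Prints the number of entries after installing the same key twice.
demo() {
    t=$(mktemp -d)
    echo 'ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQ== constructed@example' > "$t/id_rsa.pub"
    install_pubkey "$t/id_rsa.pub" "$t" && install_pubkey "$t/id_rsa.pub" "$t"
    grep -c '' "$t/.ssh/authorized_keys"
    rm -rf "$t"
}
```

On the Linux row this would be run as install_pubkey ~/id_rsa.pub after the scp in Step 2, followed by the rm from Step 3.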
Windows
Step 1
Download puttygen.exe. Save the file to your Desktop.
- This needs to be completed
