HOWTO: Setup SSH keys

Setting up SSH keys is an extremely useful and fairly easy thing to do, yet I delayed doing it for over a year because I never found any simple, straightforward instructions for how to do it.

Here are my straightforward, no-nonsense instructions for setting up password-less ssh remote login.

Note: In these instructions I refer to a local computer and a remote computer. The local computer is your personal computer, or the computer you are running ssh from, and the remote computer is the computer you are connecting to. If you are connecting to a server, that is the remote computer.

Begin by running ssh-keygen -t dsa on your local computer. The output will look something like this. When it asks for a passphrase enter something but remember what it is as you will have to enter it again. Later we will find out how to save the passphrase using keychain so we do not have to enter it every time.

$ ssh-keygen -t dsa
Generating public/private dsa key pair.
Enter file in which to save the key (/Users/rob/.ssh/id_dsa):
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /Users/rob/.ssh/id_dsa.
Your public key has been saved in /Users/rob/.ssh/id_dsa.pub.
The key fingerprint is:
e1:9c:c3:55:9a:ab:5f:7d:db:0c:bf:02:67:cd:ac:ce rob@athena.local

This will create two files, ~/.ssh/id_dsa (the private key, which stays on the local computer) and ~/.ssh/id_dsa.pub (the public key). Next we need to append id_dsa.pub to ~/.ssh/authorized_keys2 on the remote computer:

cat ~/.ssh/id_dsa.pub | ssh remote_computer_ip "cat >> .ssh/authorized_keys2"

Insert the IP address of the remote computer and run the command (it is all one line). Once that is done, the ssh keys are set up. Test it by connecting to the remote computer.

% ssh username@remote-computer
Enter passphrase for key '/home/rob/.ssh/id_dsa':

After entering the correct passphrase the remote computer will finish the login process.
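The append step above can silently fail to take effect if the remote ~/.ssh directory or key file has loose permissions, and it adds a duplicate line every time it is re-run. The following is an added example, not part of the original instructions: a hypothetical helper, install_pubkey, meant to be run on the computer that holds the authorized_keys2 file, demonstrated here on a scratch directory with a constructed key line.

```shell
#!/bin/sh
# install_pubkey PUBKEY_FILE SSH_DIR   (hypothetical helper, added example)
# Appends one public key to SSH_DIR/authorized_keys2 if it is not already there.
install_pubkey() {
    pub=$1 dir=$2
    auth="$dir/authorized_keys2"    # file name used in this HOWTO

    [ -r "$pub" ] || { echo "cannot read $pub" >&2; return 1; }
    # Catch the classic slip of passing id_dsa instead of id_dsa.pub.
    if grep -q 'PRIVATE KEY' "$pub"; then
        echo "$pub is a private key; refusing" >&2; return 2
    fi
    # A .pub file written by ssh-keygen holds exactly one "type base64 comment" line.
    [ "$(grep -c . "$pub")" -eq 1 ] || { echo "expected one key line" >&2; return 3; }
    key=$(grep . "$pub")
    case $key in
        ssh-*' '?*|ecdsa-*' '?*|sk-*' '?*) ;;
        *) echo "not an OpenSSH public key line" >&2; return 3 ;;
    esac

    # sshd's StrictModes (default yes) rejects key files that are
    # group- or world-writable, so set the modes explicitly.
    mkdir -p "$dir" && chmod 700 "$dir" || return 4
    touch "$auth" && chmod 600 "$auth" || return 4

    # Idempotent: append only when this exact line is missing.
    grep -qxF -- "$key" "$auth" || printf '%s\n' "$key" >> "$auth"
}

# Demo on a scratch directory with a constructed (not real) key line.
demo_dir=$(mktemp -d)
printf '%s\n' 'ssh-dss AAAAB3NzaC1kc3MAAACBCONSTRUCTED rob@athena.local' > "$demo_dir/id_dsa.pub"
install_pubkey "$demo_dir/id_dsa.pub" "$demo_dir/.ssh"
install_pubkey "$demo_dir/id_dsa.pub" "$demo_dir/.ssh"   # second run adds nothing
ls -l "$demo_dir/.ssh/authorized_keys2"
```

If key login still falls back to a password prompt after this, check that the remote home directory itself is not group- or world-writable, since StrictModes covers it as well.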

At this point we are no better off than we were before. Entering a passphrase is often more work than a password. To save us the work of entering our passphrase each time, we can use keychain programs. There are keychain programs for OS X and Linux.

Keychain on Mac OS X: OS X 10.5 will store ssh passphrases in the OS X Keychain the first time you attempt to log in.

Keychain on Linux: On Linux we need to install a program similarly named ‘keychain’. Seek out and install keychain from your distribution’s repositories. After it is installed we need to add the following lines to ~/.bash_profile.

keychain id_dsa
source ~/.keychain/$HOSTNAME-sh

Now test it by reopening the terminal; keychain should run and ask for your passphrase. Once your passphrase is stored in keychain you will be able to log in to the remote computer without being prompted for a passphrase.

Note about RSA: You may have seen RSA keys used instead of DSA keys. RSA encryption is used by version 1 of the ssh protocol whereas DSA is used by version 2. OpenSSH is capable of using both DSA and RSA keys so you may use whichever you like.
