12. Password-Free Authentication: Keys and Agents
These instructions are based on an OpenSSH client: OpenSSH_3.5p1, SSH protocols 1.5/2.0, OpenSSL 0x0090701f (ssh -V).
First ensure you can log in with ssh via the password or keyboard-interactive authentication methods, if necessary answering yes to the question

    The authenticity of host 'pinback.csu (130.88.100.87)' can't be established.
    RSA key fingerprint is 65:c6:e9:fb:17:c1:94:c8:a7:9c:87:8d:8f:59:27:9c.
    Are you sure you want to continue connecting (yes/no)? yes

so that the remote machine has an entry in ~/.ssh/known_hosts.
Now set up the private and public RSA keys:

    ssh-keygen -b 1024 -t rsa

This creates the files .ssh/id_rsa and .ssh/id_rsa.pub, by default. You will need to enter a pass-phrase to go with the keys. N.B. .ssh should be chmod 700 and id_rsa* should be chmod 600.
Next, append the contents of id_rsa.pub to ~/.ssh/authorized_keys on the remote host by some means. For example, once you are logged into the remote machine and id_rsa.pub has been copied over to ~:

    remote> cd .ssh
    remote> cat ../id_rsa.pub >> authorized_keys

N.B. On the remote machine, ~/.ssh should be chmod 700 and authorized_keys should be chmod 600.
You should now be able to authenticate to the remote machine by entering your key-related pass-phrase, rather than your usual password:

    local> ssh <remote.machine> -l simonh
    Enter passphrase for key '/home/si2/.ssh/id_rsa':
    remote>

Finally, set up the SSH agent, so that you don't even have to type in your key-related pass-phrase. At the local prompt:

    local> eval `ssh-agent`
    Agent pid 20774
    local> ssh-add

Then you should be able to log in to the remote machine without typing any password or pass-phrase (until such time as this instance of the agent ceases running, e.g., on logout).
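The permission notes above (.ssh chmod 700, id_rsa* and authorized_keys chmod 600) can be checked with a short script. This is an added example, not part of the original instructions; the function names are made up for illustration, and it assumes that modes stricter than those stated (e.g. 400) are acceptable, so it reports only group or other access.

```shell
#!/bin/sh
# Added example: audit the modes this page asks for (.ssh 700, key files 600).
# Assumption: stricter modes (e.g. 400) pass; any group/other bit is reported.

# mode_of PATH: print octal permission bits (GNU stat first, BSD stat fallback).
mode_of() {
    stat -L -c '%a' "$1" 2>/dev/null || stat -L -f '%Lp' "$1" 2>/dev/null
}

# check_private PATH: return 1 and report if group or other have any access.
check_private() {
    actual=$(mode_of "$1") || { echo "BAD  cannot stat $1"; return 1; }
    if [ $(( 0$actual & 077 )) -ne 0 ]; then
        echo "BAD  $1 is mode $actual (group/other access)"
        return 1
    fi
    echo "ok   $1 is mode $actual"
}

# audit_ssh_dir [DIR]: check DIR and the files named on this page, if present.
audit_ssh_dir() {
    dir=${1:-$HOME/.ssh}
    rc=0
    if [ ! -d "$dir" ]; then
        echo "BAD  $dir is not a directory"
        return 1
    fi
    check_private "$dir" || rc=1
    for f in id_rsa id_rsa.pub authorized_keys; do
        [ -e "$dir/$f" ] || continue
        check_private "$dir/$f" || rc=1
    done
    return "$rc"
}

# Usage: audit_ssh_dir            (checks ~/.ssh)
#        audit_ssh_dir /path/.ssh (checks another directory)
```

Run it on both the local and the remote machine; a non-zero return status means at least one path is readable or writable by someone other than its owner.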