This page describes how to set up a DSA key/passphrase to securely connect from your desktop machine (client) to a remote machine (server) using OpenSSH (with SSH protocol 2).
To be absolutely clear, we are using:
    drwx------ 2 simonh users 136 2005-01-05 12:17 .ssh

i.e., the directory is private to the owner.

    ssh-keygen -t dsa

You will be prompted for the name of a file in which to keep the key (the default is fine). You will also be prompted for a passphrase --- don't use a blank or easily-guessed passphrase. You will see something like this:

    prompt> ssh-keygen -t dsa
    Generating public/private dsa key pair.
    Enter file in which to save the key (/home/mc/.ssh/id_dsa):
    Enter passphrase (empty for no passphrase):
    Enter same passphrase again:
    Your identification has been saved in /home/mc/.ssh/id_dsa.
    Your public key has been saved in /home/mc/.ssh/id_dsa.pub.
    The key fingerprint is:
    e0:............................................:xy user@clienthost
    prompt>

Two files are created: ~/.ssh/id_dsa and ~/.ssh/id_dsa.pub. The first is your private key; the second is your public key.
    local> scp ~/.ssh/id_dsa.pub remote.server:.ssh/authorized_keys2

    local> scp ~/.ssh/id_dsa.pub remote.server:.ssh/authorized_keys2_temp

and

    remote> cd ~/.ssh
    remote> cat authorized_keys2_temp >> authorized_keys2
    remote> rm authorized_keys2_temp
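The append step above can be wrapped in a function that refuses a private key passed by mistake, skips a key that is already installed, and keeps the directory and file private to the owner. This is an added example, not part of the original page; the function names `install_pubkey`, `mode_of` and `demo` are hypothetical and the key in the demo is constructed.

```sh
#!/bin/sh
# Added example; function names are hypothetical, authorized_keys2 is the page's file.

# Print the 10-character mode string of a path, e.g. "drwx------".
mode_of() { ls -ld "$1" | cut -c1-10; }

# install_pubkey PUBKEY_FILE SSH_DIR
# Returns 0 when the key is installed or already present, non-zero on refusal.
install_pubkey() {
    pub=$1; dir=$2; auth=$dir/authorized_keys2
    [ -f "$pub" ] || { echo "no such file: $pub" >&2; return 1; }
    # Refuse a private key (id_dsa passed by mistake instead of id_dsa.pub).
    if grep -q 'PRIVATE KEY' "$pub"; then
        echo "refusing: $pub looks like a private key" >&2; return 2
    fi
    # A public key file is a single line: "<type> <base64> [comment]".
    [ "$(grep -c '' "$pub")" -eq 1 ] || { echo "expected one line" >&2; return 3; }
    key=$(cat "$pub")
    case ${key%% *} in
        ssh-dss|ssh-rsa|ssh-ed25519|ecdsa-sha2-*) ;;
        *) echo "unknown key type" >&2; return 3 ;;
    esac
    # Directory private to the owner, as in the listing above.
    mkdir -p "$dir" && chmod 700 "$dir" || return 4
    # Append only when this exact line is not already in the file.
    if [ -f "$auth" ] && grep -qxF -- "$key" "$auth"; then
        return 0
    fi
    ( umask 077; printf '%s\n' "$key" >> "$auth" ) && chmod 600 "$auth"
}

# Demo on a constructed key (not a real one) in a scratch directory.
demo() {
    tmp=$(mktemp -d) || return 1
    echo 'ssh-dss AAAAB3NzaC1kc3MAAACBAMconstructedEXAMPLE user@clienthost' \
        > "$tmp/id_dsa.pub"
    # Installing twice must leave exactly one entry.
    install_pubkey "$tmp/id_dsa.pub" "$tmp/.ssh" &&
        install_pubkey "$tmp/id_dsa.pub" "$tmp/.ssh" &&
        echo "$(mode_of "$tmp/.ssh") $(grep -c '' "$tmp/.ssh/authorized_keys2")"
    rm -rf "$tmp"
}
demo
```

The key-type check also accepts ssh-rsa, ssh-ed25519 and ecdsa keys because OpenSSH 7.0 and later disable ssh-dss keys by default; the install procedure is otherwise the same.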
    ssh -v bohrg1.man.ac.uk -l simonh -v
    OpenSSH_3.8p1, SSH protocols 1.5/2.0, OpenSSL 0.9.7d 17 Mar 2004
    debug1: Reading configuration data /etc/ssh/ssh_config
    debug1: Applying options for *
    debug2: ssh_connect: needpriv 0
    debug1: Connecting to bohrg1.man.ac.uk [130.88.200.111] port 22.
    debug1: Connection established.
    .
    .
    debug1: identity file /home/simonh/.ssh/id_dsa type 2
    debug1: Remote protocol version 2.0, remote software version OpenSSH_3.4p1 Debian 1:3.4p1-1.woody.3
    .
    .
    debug1: Host 'bohrg1.man.ac.uk' is known and matches the RSA host key.
    debug1: Found key in /home/simonh/.ssh/known_hosts:1
    .
    .
    debug1: Authentications that can continue: publickey,password,keyboard-interactive
    debug1: Next authentication method: publickey

Notice the available methods of authentication and their order: publickey, password and keyboard-interactive. The first is our key-with-passphrase-based method; the others are password-only-based methods (used above to copy id_dsa.pub to the remote machine).

    .
    .
    debug1: Offering public key: /home/simonh/.ssh/id_dsa
    .
    .
    Enter passphrase for key '/home/simonh/.ssh/id_dsa':

Enter your passphrase and hit return, and you will be authenticated and logged in as usual.