Ssh with a private-public key

From DiLab
Revision as of 13:10, 25 January 2012 by Leo (talk | contribs)
(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)
Jump to: navigation, search

If you are using svn+ssh or just want automatic login without typing the password whenever using ssh, you may want to consider setting up public-private key authentication between the client and server machine. The server will have the public key, and the client will have the private key. This is how to set it up:

On the client: generate the public/private key pair

 cd ~/.ssh
 ssh-keygen -t dsa 

Copy the public key to your server, and add to ~/.ssh/authorized_keys file, like this:

 ssh-copy-id remote-machine

...or:

 ssh remote-machine 'cat >> .ssh/authorized_keys' < .ssh/id_dsa.pub

...or, if you prefer the long way (smile), do it like this:

 scp ./id_dsa.pub user@myserver.com:
 ssh user@myserver.com
 myserver>  cat id_dsa.pub >> .ssh/authorized_keys
 myserver>  rm id_dsa.pub
 myserver>  logout

Remember to check that your .ssh/ directory and files in there are not public readable, otherwise someone may steal your private key and get access to your server!

Done!

Turning the keys and identities on and off

You may want to use the following commands or even define aliases as below. Note, ssh -t <seconds> sets timeout for the open key. In the example below 10800 = 3 hours.

alias keyon="ssh-add -t 10800"
alias keyoff='ssh-add -D'
alias keylist='ssh-add -l'

Other links and info